As used in this Chapter, the following terms shall have the following meanings:
(1) "Agency" means the state, a political subdivision of the state, and any officer, agency, board, commission, department or similar body of the state or any political subdivision of the state.
(2) "Breach of the security of the system" means the compromise of the security, confidentiality, or integrity of computerized data that results in, or there is a reasonable basis to conclude has resulted in, the unauthorized acquisition of and access to personal information maintained by an agency or person. Good faith acquisition of personal information by an employee or agent of an agency or person for the purposes of the agency or person is not a breach of the security of the system, provided that the personal information is not used for, or is subject to, unauthorized disclosure.
(3) "Person" means any individual, corporation, partnership, sole proprietorship, joint stock company, joint venture, or any other legal entity.
(4)(a) "Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when the name or the data element is not encrypted or redacted:
(i) Social security number.
(ii) Driver's license number.
(iii) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
(b) "Personal information" shall not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.
Acts 2005, No. 499, §1, eff. Jan. 1, 2006.