Section 10-13A-01 – Definitions
** TAKES EFFECT OCTOBER 1, 2024 PER CHAPTER 429 OF 2020 ** (a) In this subtitle the following words have the meanings indicated. (b) (1) “Breach of the security of a system” means the unauthorized acquisition of personally identifiable information maintained by a public institution of higher education that creates a reasonable risk of harm to the individual […]
Section 10-13A-02 – Inapplicable to Certain Personally Identifiable Information — Compliance With Laws
** TAKES EFFECT OCTOBER 1, 2024 PER CHAPTER 429 OF 2020 ** (a) This subtitle does not apply to personally identifiable information that: (1) is publicly available information that is lawfully made available to the general public from federal, State, or local government records; (2) an individual has consented to have publicly disseminated or listed; (3) except for a […]
Section 10-13A-03 – Review and Designation as Systems of Record — Privacy Governance Program — Information Security and Risk Management Program — Privacy Notices
** TAKES EFFECT OCTOBER 1, 2024 PER CHAPTER 429 OF 2020 ** (a) Each public institution of higher education shall review and designate systems within the public institution of higher education as systems of record based on the following criteria: (1) the risk posed to individuals by the personally identifiable information processed and stored on the systems; […]
Section 10-13A-04 – Investigation of Breaches of Security — Duties Upon Finding of Occurrence
** TAKES EFFECT OCTOBER 1, 2024 PER CHAPTER 429 OF 2020 ** (a) If a public institution of higher education collects personally identifiable information of an individual and discovers or is notified of a breach of the security of a system, the public institution of higher education shall conduct in good faith a reasonable and prompt […]