(a) If a covered person owns or licenses personal information in any form that includes personal information on a state resident, and a breach of the security of the information system that contains personal information occurs, the covered person shall, after discovering or being notified of the breach, disclose the breach to each state resident whose personal information was subject to the breach.
Terms Used In Alaska Statutes 45.48.010
person: includes a corporation, company, partnership, firm, association, organization, business trust, or society, as well as a natural person. See Alaska Statutes 01.10.060
state: means the State of Alaska unless applied to the different parts of the United States and in the latter case it includes the District of Columbia and the territories. See Alaska Statutes 01.10.060
(b) An information collector shall make the disclosure required by (a) of this section in the most expeditious time possible and without unreasonable delay, except as provided in Alaska Stat. § 45.48.020 and as necessary to determine the scope of the breach and restore the reasonable integrity of the information system.(c) Notwithstanding (a) of this section, disclosure is not required if, after an appropriate investigation and after written notification to the attorney general of this state, the covered person determines that there is not a reasonable likelihood that harm to the consumers whose personal information has been acquired has resulted or will result from the breach. The determination shall be documented in writing, and the documentation shall be maintained for five years. The notification required by this subsection may not be considered a public record open to inspection by the public.
