In AS 21.23.240 - 21.23.399, (1) “consumer” means an individual who is a resident of the state and whose nonpublic information is in a licensee's possession or control; (2) “cybersecurity event” (A) means an event resulting in unauthorized access to or disruption or misuse of an information system or information stored on the information system; (B) does not include (i) the unauthorized acquisition of encrypted nonpublic information if the encryption's process or key is not also acquired, released, or used without authorization; or (ii) an event in which the licensee has determined that nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed; (3) “encrypt” means transforming of data into a form that results in a low probability of assigning meaning without the use of a protective process or key; (4) “information security program” means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information; (5) “information system” means (A) a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of electronic information; or (B) a specialized system that may include an industrial or process control system, a telephone switching and private branch exchange system, or an environmental control system; (6) “licensee” (A) means a person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered, under this title; (B) does not include a purchasing group or a risk retention group chartered and licensed in a state other than this state or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction; (7) “nonpublic information” means electronic information that is not publicly available information and that is (A) business-related information of a licensee, the tampering with which, or unauthorized disclosure, access, or use of which, would cause a material adverse effect to the business, operations, or security of the licensee; (B) information concerning a consumer that, because of a name, number, personal mark, or other identifier, can be used to identify the consumer in combination with one or more of the following data elements: (i) a social security number; (ii) a driver's license number or identification card number; (iii) a financial account, credit card, or debit card number; (iv) a security code, access code, or password that would permit access to a consumer's financial account; or (v) a biometric record; or (C) information or data, except age or gender, in any form created by or derived from a health care provider or a consumer that can be used to identify a particular consumer and relates to (i) the past, present, or future physical, mental, or behavioral health or condition of a consumer or a member of the consumer's family; (ii) the provision of health care to a consumer; or (iii) payment for the provision of health care to a consumer; (8) “person” means an individual or a nongovernmental entity; (9) “publicly available information” means information that a licensee has determined is made available to the general public from (A) a federal, state, or local government record; (B) a widely distributed media; or (C) a disclosure to the general public that is required under federal, state, or local law; (10) “third-party service provider” means a person that is not a licensee that, through a contract with a licensee, is permitted access to and maintains, processes, or stores nonpublic information through its provision of services to the licensee.
‹ Prev All Alaska sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.