1. A licensee who is required to notify more than 500 residents of this State pursuant to NRS 675.283 as the result of a single breach shall notify the Attorney General of the breach not more than 30 days after the date on which the licensee discovered or was notified of the breach. The notification must include, without limitation: (a) The number of residents of this State affected or estimated to be affected by the breach. (b) A list of the types of personal information that were or are reasonably believed to have been subject to the breach. (c) The period of time, if known, in which personal information was potentially subject to acquisition by unauthorized persons as a result of the breach, including, without limitation, the date of the breach and the date upon which the licensee discovered or was notified of the breach. (d) A summary of the actions taken to contain the breach. (e) A sample copy of the notification the licensee provided to persons affected or reasonably believed to be affected by the breach which excludes any personally identifiable information. 2. If any of the information described in subsection 1 is unavailable to a licensee at the time the licensee submits the notification to the Attorney General, the licensee shall promptly provide the information to the Attorney General after the information becomes available to the licensee.
‹ Prev All Nevada sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.