Section 21.23.399 - [Effective 1/1/2025] Definitions In AS 21.23.240 - 21.23.399,
(1) "consumer" means an individual who is a resident of the state and whose nonpublic information is in a licensee's possession or control;(2) "cybersecurity event"(A) means an event resulting in unauthorized access to or disruption or misuse of an information system or information stored on the information system;(B) does not include(i) the unauthorized acquisition of encrypted nonpublic information if the encryption's process or key is not also acquired, released, or used without authorization; or(ii) an event in which the licensee has determined that nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed;(3) "encrypt" means transforming of data into a form that results in a low probability of assigning meaning without the use of a protective process or key;(4) "information security program" means the administrative, technical, and physical safeguards that a licensee uses to access, collect, distribute, process, protect, store, use, transmit, dispose of, or otherwise handle nonpublic information;(5) "information system" means(A) a discrete set of electronic information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of electronic information; or(B) a specialized system that may include an industrial or process control system, a telephone switching and private branch exchange system, or an environmental control system;(6) "licensee"(A) means a person licensed, authorized to operate, or registered, or required to be licensed, authorized, or registered, under this title;(B) does not include a purchasing group or a risk retention group chartered and licensed in a state other than this state or a licensee that is acting as an assuming insurer that is domiciled in another state or jurisdiction;(7) "nonpublic information" means electronic information that is not publicly available information and that is(A) business-related information of a licensee, the tampering with which, or unauthorized disclosure, access, or use of which, would cause a material adverse effect to the business, operations, or security of the licensee;(B) information concerning a consumer that, because of a name, number, personal mark, or other identifier, can be used to identify the consumer in combination with one or more of the following data elements: (i) a social security number;(ii) a driver's license number or identification card number;(iii) a financial account, credit card, or debit card number;(iv) a security code, access code, or password that would permit access to a consumer's financial account; or(v) a biometric record; or(C) information or data, except age or gender, in any form created by or derived from a health care provider or a consumer that can be used to identify a particular consumer and relates to (i) the past, present, or future physical, mental, or behavioral health or condition of a consumer or a member of the consumer's family;(ii) the provision of health care to a consumer; or(iii) payment for the provision of health care to a consumer;(8) "person" means an individual or a nongovernmental entity;(9) "publicly available information" means information that a licensee has determined is made available to the general public from (A) a federal, state, or local government record;(B) a widely distributed media; or(C) a disclosure to the general public that is required under federal, state, or local law;(10) "third-party service provider" means a person that is not a licensee that, through a contract with a licensee, is permitted access to and maintains, processes, or stores nonpublic information through its provision of services to the licensee.Added by SLA 2024, ch. 39,sec. 1, eff. 1/1/2025.