Section 675.NEW - [Newly enacted section not yet numbered] [Notifying Attorney General of breach of security]1. A licensee who is required to notify more than 500 residents of this State pursuant to section 9 of this act as the result of a single breach shall notify the Attorney General of the breach not more than 30 days after the date on which the licensee discovered or was notified of the breach. The notification must include, without limitation: (a) The number of residents of this State affected or estimated to be affected by the breach.(b) A list of the types of personal information that were or are reasonably believed to have been subject to the breach.(c) The period of time, if known, in which personal information was potentially subject to acquisition by unauthorized persons as a result of the breach, including, without limitation, the date of the breach and the date upon which the licensee discovered or was notified of the breach.(d) A summary of the actions taken to contain the breach.(e) A sample copy of the notification the licensee provided to persons affected or reasonably believed to be affected by the breach which excludes any personally identifiable information.2. If any of the information described in subsection 1 is unavailable to a licensee at the time the licensee submits the notification to the Attorney General, the licensee shall promptly provide the information to the Attorney General after the information becomes available to the licensee.Added by 2023, Ch. 527,§10, eff. 10/1/2023.