(i) email notice when the person or business has an email address for the subject persons; (ii) conspicuous posting of the notice on the website page of the person or business, if the person or business maintains one; and (iii) notification to major statewide media. (h) Notwithstanding paragraph (g), a person or business that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this section and Minn. Stat. § 13.055, subdivision 6, shall be deemed to be in compliance with the notification requirements of this section and Minn. Stat. § 13.055, subdivision 6, if the person or business notifies subject persons in accordance with its policies in the event of a breach of security of the system. Subd. 2. Coordination with consumer reporting agencies. If a person discovers circumstances requiring notification under this section and Minn. Stat. § 13.055, subdivision 6, of more than 500 persons at one time, the person shall also notify, within 48 hours, all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis, as defined by United States Code, title 15, section 1681a, of the timing, distribution, and content of the notices. Subd. 3. Waiver prohibited . Any waiver of the provisions of this section and Minn. Stat. § 13.055, subdivision 6, is contrary to public policy and is void and unenforceable. Subd. 4. Exemption . This section and Minn. Stat. § 13.055, subdivision 6, do not apply to any “financial institution” as defined by United States Code, title 15, section 6809(3). Subd. 5. [Renumbered Minn. Stat. § 13.055, Subd. 6] Subd. 6. Remedies and enforcement. The attorney general shall enforce this section and Minn. Stat. § 13.055, subdivision 6, under section 8.31.
93
Made with FlippingBook - Online Brochure Maker