district attorney in the county where the breach of the security
of the system occurred within three business days following
determination of the breach of the security of the system .
Notification shall occur notwithstanding the existence of
procedures and policies under section 7.
(a.3) Electronic notification.--In the case of a breach of
the security of the system involving personal information for a
user name or e-mail address in combination with a password or
security question and answer that would permit access to an
online account, the State agency, county, school district PUBLIC
SCHOOL or municipality entity , to the extent that it has
sufficient contact information for the person, may comply with
this section by providing the breach of the security of the
system notification in electronic or other form that directs the
person whose personal information has been breached materially
compromised by the breach of the security of the system to
promptly change the person's password and security question or
answer, as applicable or to take other steps appropriate to
protect the online account with the State agency, county, school
district PUBLIC SCHOOL or municipality entity and other online
accounts for which the person whose personal information has
been breached materially compromised by the breach of the
security of the system uses the same user name or e-mail address
and password or security question or answer.
(a.4) Affected individuals.--In the case of a breach of the
security of the system involving personal information for a user
of an individual's user name or e-mail address in combination
with a password or security question and answer that would
permit access to an online account, the State agency contractor
may comply with this section by providing a list of affected
A05644 - 8 -
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30