|
If passed, licensees must maintain a comprehensive information security program (based on its size and complexity, activities and sensitivity of information to be protected), and annually certify its compliance with the Law to the Commissioner of Commerce (“Commissioner”); the timeframe to notify the Commissioner of a data breach has increased from 72 hours to 5 business days, and the threshold of affected consumers that triggers breach notification has changed from 250 to 500. |