Sec. 5. As used in this chapter, "cybersecurity event" means an event resulting in unauthorized access to or a disruption or misuse of an information system or nonpublic information stored on the information system that has a reasonable likelihood of materially harming a consumer or any material part of the normal operations of the licensee. However, the term does not include the following:
(1) The unauthorized acquisition of encrypted nonpublic information if the encryption, process, or key is not also acquired, released, or used without authorization.
(2) An event in which a licensee has determined that the nonpublic information accessed by an unauthorized person has not been used or released and has been returned or destroyed.
As added by P.L.130-2020, SEC.10.