§ 715C.1 — Definitions

Iowa § 715C.1

• Jurisdiction: Iowa
• Title XVI: CRIMINAL LAW AND PROCEDURE
• Ch. 715C: PERSONAL INFORMATION SECURITY BREACH PROTECTION

Text

As used in this chapter, unless the context otherwise requires:
1. “Breach of security” means unauthorized acquisition of personal information
maintained in computerized form by a person that compromises the security, confidentiality,
or integrity of the personal information. “Breach of security” also means unauthorized
acquisition of personal information maintained by a person in any medium, including on
paper, that was transferred by the person to that medium from computerized form and that
compromises the security, confidentiality, or integrity of the personal information. Good
faith acquisition of personal information by a person or that person’s employee or agent for
a legitimate purpose of that person is not a breach of security, provided that the personal
information is not used in violation of applicable law or in a manner that harms or poses an
actual threat to the security, confidentiality, or integrity of the personal information.
2. “Consumer” means an individual who is a resident of this state.
3. “Consumer reporting agency” means the same as defined by the federal Fair Credit
Reporting Act, 15 U.S.C. §1681a.
4. “Debt” means the same as provided in section 537.7102.
5. “Encryption” means the use of an algorithmic process pursuant to accepted industry
standards to transform data into a form in which the data is rendered unreadable or unusable
without the use of a confidential process or key.
6. “Extensionofcredit”meanstherighttodeferpaymentofdebtortoincurdebtanddefer
its payment offered or granted primarily for personal, family, or household purposes.
7. “Financial institution” means the same as defined in section 536C.2, subsection 6.
8. “Identity theft” means the same as provided in section 715A.8.
9. “Payment card” means the same as defined in section 715A.10, subsection 4, paragraph
“c”.
10. “Person” means an individual; corporation; business trust; estate; trust; partnership;
limited liability company; association; joint venture; government; governmental subdivision,
agency, or instrumentality; public corporation; or any other legal or commercial entity.
11. a. “Personal information” means an individual’s first name or first initial and last
name in combination with any one or more of the following data elements that relate to the
individual if any of the data elements are not encrypted, redacted, or otherwise altered by
any method or technology in such a manner that the name or data elements are unreadable
or are encrypted, redacted, or otherwise altered by any method or technology but the keys
to unencrypt, unredact, or otherwise read the data elements have been obtained through the
breach of security:
(1) Social security number.
(2) Driver’s license number or other unique identification number created or collected by
a government body.
(3) Financial account number, credit card number, or debit card number in combination
with any required expiration date, security code, access code, or password that would permit
access to an individual’s financial account.
(4) Uniqueelectronicidentifierorroutingcode, incombinationwithanyrequiredsecurity
code, access code, or password that would permit access to an individual’s financial account.
(5) Unique biometric data, such as a fingerprint, retina or iris image, or other unique
physical representation or digital representation of biometric data.
b. “Personal information” does not include information that is lawfully obtained from
§715C.1, PERSONAL INFORMATION SECURITY BREACH PROTECTION 2
publicly available sources, or from federal, state, or local government records lawfully made
available to the general public.
12. “Redacted” means altered or truncated so that no more than five digits of a social
security number or the last four digits of other numbers designated in section 715A.8,
subsection 1, paragraph “a”, are accessible as part of the data.