An entity subject to or regulated by federal laws, rules, regulations, procedures, or guidance on data breach notification established or enforced by the federal government is exempt from this chapter as long as the entity does all of the following:
(1) Maintains procedures pursuant to those laws, rules, regulations, procedures, or guidance.
(2) Provides notice to affected individuals pursuant to those laws, rules, regulations, procedures, or guidance.
(3) Timely provides a copy of the notice to the Attorney General when the number of individuals the entity notified exceeds 1,000.
Last modified: May 3, 2021