An entity subject to or regulated by state laws, rules, regulations, procedures, or guidance on data breach notification that are established or enforced by state government, and are at least as thorough as the notice requirements provided by this chapter, is exempt from this chapter so long as the entity does all of the following:
(1) Maintains procedures pursuant to those laws, rules, regulations, procedures, or guidance.
(2) Provides notice to affected individuals pursuant to the notice requirements of those laws, rules, regulations, procedures, or guidance.
(3) Timely provides a copy of the notice to the Attorney General when the number of individuals the entity notified exceeds 1,000.
Last modified: May 3, 2021