Quick Facts
Breach Based on Harm Threshold: YES
Deadline for Consumer Notice: Most expedient time possible without unreasonable delay
Government Notification Required: NO*
Scope of This Summary:
Notification requirements applicable to persons doing business or a person with more than 10 employees that own, license, or maintain covered info. Some types of businesses may be exempt from some or all of these requirements, and non-commercial entities may be subject to different requirements.
Risk of Harm Threshold
Notification not required if, after appropriate investigation and after written notification to the Alaska Attorney General, covered entity determines that there is not a reasonable likelihood that harm to consumer has resulted or will result from the breach.
Breach Defined
Unauthorized acquisition, or reasonable belief of unauthorized acquisition, that compromises the security, confidentiality, or integrity of the covered info, excluding certain good-faith acquisitions by employees or agents.
Encryption Safe Harbor
Statute does not apply to information that is encrypted or redacted, so long as the encryption key was not accessed or acquired.
Form of Covered Info
Electronic or Paper
Covered Information
First name or first initial and last name in combination with any one or more of the following data elements:
- Social Security number.
- Driver's license number or state identification card number.
- Account number, credit card number, or debit card number, except if these can only be accessed with a personal code, then the account, credit card, or debit card number in combination with any required security code, access code, personal identification number, or password.
- Passwords, personal identification numbers, or other access codes for financial accounts.
Consumer Notice Timing
Must be made in the most expeditious time possible and without unreasonable delay, consistent with any measures to determine the scope of the breach and to restore the reasonable integrity of the system.
Consumer Notice Method
By written notice or electronic notice (if it is the primary method of communication with resident or is consistent with E-SIGN). Substitute notice is available if certain criteria are satisfied.
Consumer Notice Content
Content of notice undefined.
Delayed Notice
Notification may be delayed if law enforcement determines that notice will interfere with a criminal investigation.
Government Notice
* Written notification to Alaska Attorney General required only if you do not send notice because you have determined harm threshold is not reached.
Consumer Reporting Agency Notice
If more than 1,000 residents notified, must notify all nationwide Consumer Reporting Agencies without unreasonable delay of timing, distribution, and content of the consumer notice.
Exceptions for Other Laws
The above-described Consumer Reporting Agency Notice does not apply to an information collector subject to the Gramm-Leach-Bliley Financial Services Modernization Act (GLBA).
Third-Party Notice
If you maintain covered info on behalf of another entity, you must notify it immediately following discovery of a breach. Must cooperate by sharing relevant information about breach, except for confidential business info or trade secrets.
Private Right of Action
In Alaska, a violation of the data breach notification statute by a non-governmental agency is a violation of the Alaska Unfair Trade Practices and Consumer Protection Act.
Potential Penalties
An individual who suffers a loss resulting from a violation of the statute may recover actual: Economic damages not to exceed $500; Costs and attorneys' fees.
This summary is for informational purposes only. It provides general information and not legal advice or opinions regarding specific facts. Additional requirements or conditions may apply to any or all provisions referenced herein. For more information about the state data breach notification laws or other data security matters, please seek the advice of counsel.
Last revised on June 15, 2023