"Reasonable determination" of a data breach is defined as "when the carrier has information indicating that it is more likely than not that there was a breach" and "does not mean reaching a conclusion regarding every fact surrounding a data security incident that may constitute a breach."
Personal identifiable information (PII) wasn't included in previous reporting requirements.
[
add
]
[
|
|
...
]