Puerto Rico Data Breach Notification

The Puerto Rico Citizen Information of Data Banks Security Act, originally HB 1184, signed into law in 2005, requires that any entity that is the proprietor or custodian of a data bank for commercial use that includes personal information of citizens who reside in Puerto Rico must notify said citizens of any violation of the system’s security when the data bank whose security has been violated contains all or part of the personal information file and the same is not protected by a cryptographic code, but only by a password. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Puerto Rico Data Breach Notification: Account and Password
• Puerto Rico Data Breach Notification: Name and CCN
• Puerto Rico Data Breach Notification: Name and Password (Wide)
• Puerto Rico Data Breach Notification: Name and Password (Default)
• Puerto Rico Data Breach Notification: Name and Password (Narrow)
• Puerto Rico Data Breach Notification: Name and SSN
• Puerto Rico Data Breach Notification: Password Dissemination for HTTP Traffic (Wide)
• Puerto Rico Data Breach Notification: Password Dissemination for HTTP Traffic (Default)
• Puerto Rico Data Breach Notification: Password Dissemination for HTTP Traffic (Narrow)