1. The Director may establish by regulation periodic reporting requirements for participants in the Program.
2. On request by the Director, a participant shall make any requested record, information or data available for inspection and copying by the Director.
3. Each participant shall retain, for not less than 2 years after the end of the prescribed period of testing or for such longer period as the Director requires by order or regulation, all records and data produced in the ordinary course of business relating to a financial product or service tested in the Program.
4. If a product or service fails before the end of the period of testing, the participant shall:
(a) Give written notice of the failure to the Director.
(b) Include in the notice a description of any action taken by the participant to protect consumers from financial loss or other harm caused by the failure.
5. In addition to providing any other disclosure or notice of the unauthorized acquisition of computerized data required by any applicable statute or regulation, a participant shall promptly notify the Director of any unauthorized acquisition of computerized data constituting a breach of the security of the system data as that term is defined in NRS 603A.020.
(Added to NRS by 2019, 3990, effective January 1, 2020)