40-12-501. Definitions.
(a) As used in this act:
(i) "Breach of the security of the data system" means unauthorized acquisition of computerized data that materially compromises the security, confidentiality or integrity of personal identifying information maintained by a person or business and causes or is reasonably believed to cause loss or injury to a resident of this state. Good faith acquisition of personal identifying information by an employee or agent of a person or business for the purposes of the person or business is not a breach of the security of the data system, provided that the personal identifying information is not used or subject to further unauthorized disclosure;
(ii) "Consumer" means any person who is utilizing or seeking credit for personal, family or household purposes;
(iii) "Consumer reporting agency" means any person whose business is the assembling and evaluating of information as to the credit standing and credit worthiness of a consumer, for the purposes of furnishing credit reports, for monetary fees and dues to third parties;
(iv) "Credit report" means any written or oral report, recommendation or representation of a consumer reporting agency as to the credit worthiness, credit standing or credit capacity of any consumer and includes any information which is sought or given for the purpose of serving as the basis for determining eligibility for credit to be used primarily for personal, family or household purposes;
(v) "Creditor" means the lender of money or vendor of goods, services or property, including a lessor under a lease intended as a security, rights or privileges, for which payment is arranged through a credit transaction, or any successor to the right, title or interest of any such lender or vendor, and an affiliate, associate or subsidiary of any of them or any director, officer or employee of any of them or any other person in any way associated with any of them;
(vi) "Financial institution" means any person licensed or chartered under the laws of any state or the United States as a bank holding company, bank, savings and loan association, credit union, trust company or subsidiary thereof doing business in this state;
(vii) "Personal identifying information" means the first name or first initial and last name of a person in combination with one (1) or more of the data elements specified in W.S. 6-3-901(b)(iii) through (xiv), when the data elements are not redacted.
(A) Repealed by Laws 2015, ch. 63, § 2.
(B) Repealed by Laws 2015, ch. 63, § 2.
(C) Repealed by Laws 2015, ch. 63, § 2.
(D) Repealed by Laws 2015, ch. 63, § 2.
(E) Repealed by Laws 2015, ch. 63, § 2.
(viii) "Redact" means alteration or truncation of data such that no more than five (5) digits of the data elements provided in subparagraphs (vii)(A) through (D) of this subsection are accessible as part of the personal information;
(ix) "Security freeze" means a notice placed in a consumer's credit report, at the request of the consumer, that prohibits the credit rating agency from releasing the consumer's credit report or any information from it relating to an extension of credit or the opening of a new account, without the express authorization of the consumer;
(x) "Substitute notice" means:
(A) An electronic mail notice when the person or business has an electronic mail address for the subject persons;
(B) Conspicuous posting of the notice on the website page of the person or business if the person or business maintains one; and
(C) Publication in applicable local or statewide media.
(xi) "This act" means W.S. 40-12-501 through 40-12-511.
(b) "Personal identifying information" as defined in paragraph (a)(vii) of this section does not include information, regardless of its source, contained in any federal, state or local government records or in widely distributed media that are lawfully made available to the general public.