Procedures Deemed in Compliance with Security Breach

Requirements.

(a)Information Privacy or Security Policy. An entity that maintains its own notification procedures as part of an information privacy or security policy for the treatment of personal information and that are consistent with the timing requirements of this Chapter shall be deemed to be in compliance with the notification requirements of this Chapter if it notifies residents of Guam in accordance with its procedures in the event of a breach of security of the system.

(b)Compliance with Federal requirements. COL 052809 CH. 48 NOTIFICATION OF BREACHES OF PERSONAL INFORMATION

(1)A financial institution that complies with the notification requirements prescribed by the Federal Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice is deemed to be in compliance with this Chapter.

(2)An entity that complies with the notification requirements or procedures pursuant to the rules, regulations, procedures, or guidelines established by the entity’s primary or functional Federal regulator shall be in compliance with this Chapter.