Section 10-501*2. Definitions  

For the purposes of this chapter,
    a. The term "personal identifying information" shall mean any person's
  date   of  birth,  social  security  number,  driver's  license  number,
  non-driver photo identification card number, financial services  account
  number  or code, savings account number or code, checking account number
  or code, brokerage account number or code, credit card account number or
  code, debit card number or code,  automated  teller  machine  number  or
  code,  personal  identification  number,  mother's maiden name, computer
  system password, electronic signature or unique biometric data that is a
  fingerprint, voice print, retinal image or iris image of another person.
  This term shall apply to all such data, notwithstanding  the  method  by
  which such information is maintained.
    b.   The  term  "breach  of  security"  shall  mean  the  unauthorized
  disclosure or use  by  an  employee  or  agent  of  an  agency,  or  the
  unauthorized possession by someone other than an employee or agent of an
  agency,   of  personal  identifying  information  that  compromises  the
  security, confidentiality or integrity of such information.  Good  faith
  or  inadvertent possession of any personal identifying information by an
  employee or agent of an  agency  for  the  legitimate  purposes  of  the
  agency,  and  good  faith or legally mandated disclosure of any personal
  identifying information by an employee or agent of  an  agency  for  the
  legitimate  purposes  of  the  agency  shall  not constitute a breach of
  security.