HI SB1178

Expands the definition of "personal information" in Chapter 487N (data breach notification law) to include new categories: identifiers (name, username, phone number, email) and specified data elements (social security numbers, government IDs, financial account numbers, biometric data, health insurance numbers, and authentication credentials).

Replaces the old requirement that personal information must combine a name with specific financial or identification data, allowing notification requirements to trigger when any identifier is combined with any specified data element.

Adds licensees subject to the Insurance Data Security Law (Article 3B, Chapter 431) to the list of businesses deemed compliant with data breach notification requirements, alongside existing financial institutions and healthcare providers.

Excludes publicly available information lawfully obtained from government records and medical information protected by HIPAA from the expanded definition of personal information.

Takes effect July 1, 2050.