§ 75-61. Definitions.
§ 75‑61. Definitions.
The following definitionsapply in this Article:
(1) "Business". A sole proprietorship, partnership, corporation, association, or other group,however organized and whether or not organized to operate at a profit. The termincludes a financial institution organized, chartered, or holding a license orauthorization certificate under the laws of this State, any other state, theUnited States, or any other country, or the parent or the subsidiary of anysuch financial institution. Business shall not include any government orgovernmental subdivision or agency.
(2) "Consumer". An individual.
(3) "Consumerreport" or "credit report". Any written, oral, or othercommunication of any information by a consumer reporting agency bearing on aconsumer's creditworthiness, credit standing, credit capacity, character,general reputation, personal characteristics, or mode of living which is usedor expected to be used or collected in whole or in part for the purpose ofserving as a factor in establishing the consumer's eligibility for any of thefollowing:
a. Credit to be usedprimarily for personal, family, or household purposes.
b. Employment purposes.
c. Any other purposeauthorized under 15 U.S.C. § 168l(b).
(4) "Consumerreporting agency". Any person who, for monetary fees, dues, or on acooperative nonprofit basis, regularly engages in whole or in part in thepractice of assembling or evaluating consumer credit information or otherinformation on consumers for the purpose of furnishing consumer reports tothird parties.
(5) "Creditcard". Has the same meaning as in section 103 of the Truth in LendingAct (15 U.S.C. § 160, et seq.).
(6) "Debitcard". Any card or device issued by a financial institution to aconsumer for use in initiating an electronic fund transfer from the accountholding assets of the consumer at such financial institution, for the purposeof transferring money between accounts or obtaining money, property, labor, orservices.
(7) "Disposal"includes the following:
a. The discarding orabandonment of records containing personal information.
b. The sale, donation,discarding, or transfer of any medium, including computer equipment or computermedia, containing records of personal information, or other nonpaper media uponwhich records of personal information are stored, or other equipment fornonpaper storage of information.
(8) "Encryption". The use of an algorithmic process to transform data into a form in which thedata is rendered unreadable or unusable without use of a confidential processor key.
(9) "Person". Any individual, partnership, corporation, trust, estate, cooperative,association, government, or governmental subdivision or agency, or otherentity.
(10) "Personalinformation". A person's first name or first initial and last name incombination with identifying information as defined in G.S. 14‑113.20(b).Personal information does not include publicly available directories containinginformation an individual has voluntarily consented to have publicly disseminatedor listed, including name, address, and telephone number, and does not includeinformation made lawfully available to the general public from federal, state,or local government records.
(11) "Properidentification". Information generally deemed sufficient to identify aperson. If a person is unable to reasonably identify himself or herself withthe information described above, a consumer reporting agency may requireadditional information concerning the consumer's employment and personal or familyhistory in order to verify the consumer's identity.
(12) "Records". Any material on which written, drawn, spoken, visual, or electromagneticinformation is recorded or preserved, regardless of physical form orcharacteristics.
(13) "Redaction". The rendering of data so that it is unreadable or is truncated so that nomore than the last four digits of the identification number is accessible aspart of the data.
(14) "Securitybreach". An incident of unauthorized access to and acquisition of unencryptedand unredacted records or data containing personal information where illegaluse of the personal information has occurred or is reasonably likely to occuror that creates a material risk of harm to a consumer. Any incident ofunauthorized access to and acquisition of encrypted records or data containingpersonal information along with the confidential process or key shallconstitute a security breach. Good faith acquisition of personal information byan employee or agent of the business for a legitimate purpose is not a securitybreach, provided that the personal information is not used for a purpose otherthan a lawful purpose of the business and is not subject to furtherunauthorized disclosure.
(15) "Securityfreeze". Notice placed in a credit report, at the request of theconsumer and subject to certain exceptions, that prohibits the consumerreporting agency from releasing all or any part of the consumer's credit reportor any information derived from it without the express authorization of the consumer.(2005‑414,s. 1.)