"De-identified data" means data that cannot reasonably be linked to an identified or identifiable individual because a controller that possesses the data:
- (1) takes reasonable measures to ensure that the data cannot be associated with an individual;
- (2) publicly commits to maintaining and using the data without attempting to re-identify the data; and
- (3) obligates any recipients of the data through contractual requirements to comply with all applicable provisions of this article.
As added by P.L.94-2023, SEC.1.