- (a) If a licensee, based upon its investigation, can determine from its logs or other data precisely which customers' information has been improperly accessed, it may limit notification to those customers with regard to whom the licensee determines that misuse of their information has occurred or is reasonably possible.
- (b) If the licensee is unable to identify which specific customers' information has been accessed, it shall notify all customers by substitute notice in accordance with RSA 359-C:20 III. (d).
Source. #8901, eff 7-1-07; ss by #8901, eff 7-1-07, EXPIRED: 7-1-15 New. #11015, eff 1-8-16