Puerto Rico Security Breach Laws 

Definition of Personal Information file: A file containing at least the name or first initial and the surname of a person, together with any of the following data so that an association may be established between certain information with another and in which the information is legible enough so that in order to access it there is no need to use a special cryptographic code:
  
(a) Social security number.
(b) Driver's license number, voter's identification or other official identification.    
(c) Bank or financial account numbers of any type with or without passwords or access code that may have been assigned.    
(d) Names of users and passwords or access codes to public or private information systems.    
(e) Medical information protected by the HIPAA.    
(f) Tax information.    
(g) Work-related evaluations.    
  
Summary: Any entity that is the proprietor or custodian of a data bank for commercial use that includes personal information of citizens who reside in Puerto Rico must notify said citizens of any violation of the system's security when the data bank whose security has been violated contains all or part of the personal information file and the same is not protected by a cryptographic code but only by a password. 

 
Visit the state Web site