An individual's first name or first initial and last name in combination with one or more of the following data elements may give rise to data breach notification obligations:

• Social Security Number or tax ID number, or an identity protection personal identification number issued by the IRS.
• Driver's license number, state-issued ID card number, passport number, military ID number, or other unique ID number issued on a government document used to verify the identity of a specific individual.
• Birth or marriage certificate.
• Financial account number, or credit or debit card number, alone or in combination with any required security code or password that would allow access to the individual's financial account.
• Any information regarding an individual's medical history, mental or physical condition, or medical treatment or diagnosis by a healthcare professional.
• Health insurance policy number or subscriber ID number and any unique identifier used by a health insurer to identify the individual.
• Unique biometric data, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data.
• Information or data collected through the use or operation of an automated license plate recognition system.
• Genetic data (any data, regardless of its format, that results from the analysis of a biological sample of an individual, or from another source enabling equivalent information to be obtained, and concerns genetic material. Genetic material includes, but is not limited to, DNA, RNA, genes, chromosomes, alleles, genomes, alterations or modifications to DNA or RNA, single nucleotide polymorphisms, uninterpreted data that results from analysis of the biological sample or other source, and any information extrapolated, derived, or inferred therefrom).
• Information collected by an adult-oriented website operator or their designee.
• Digital signatures.