The office of cybersecurity, the office of privacy and data protection, and the attorney's general office must work with stakeholders to evaluate the impact to consumers and the consumer reporting agencies regarding the modifications in chapter 54, Laws of 2018. The report must include trends in data breaches including the frequency and nature of security breaches, best practices for preventing cybersecurity attacks, identity theft mitigation services available to consumers, and identity theft mitigation protocols recommended by the federal trade commission, the consumer financial protection bureau, and other relevant federal or state agencies. The report must be submitted to the house of representatives committee on business and financial services and the senate committee on financial institutions and insurance by December 1, 2020.