(a) Information that identifies or reasonably can be used to identify an individual, such as first and last name in combination with the individual's:
(i) Social security number or other government-issued number or identifier;
(ii) Date of birth;
(iii) Home or physical address;
(iv) Email address or other online contact information or internet provider address;
(v) Financial account number or credit or debit card number;
(vi) Biometric data, health or medical data, or insurance information; or
(vii) Passwords or other credentials that permit access to an online or other account;
(b) Personally identifiable financial or insurance information, including nonpublic personal information defined by applicable federal law; and
(c) Any combination of data that, if accessed, disclosed, modified, or destroyed without authorization of the owner of the data or if lost or misused, would require notice or reporting under chapter
19.255 RCW and federal privacy and data security law, whether or not the administrator or the administrator's agent is subject to the law.
(2) A provision of this section or RCW
63.30.820 through
63.30.880 that applies to the administrator or the administrator's records applies to an administrator's agent.