Information that cannot reasonably identify, relate to, describe, be capable of being associated with, or be linked, directly or indirectly, to a particular consumer, provided that a business that uses deidentified information:
- Has implemented technical safeguards that prohibit reidentification of the consumer to whom the information may pertain;
- Has implemented business processes that specifically prohibit reidentification of the information;
- Has implemented business processes to prevent inadvertent release of deidentified information; and,
- Makes no attempt to reidentify the information.