State Breach Disclosure Laws - Update

Five states (and D.C.) have put data breach disclosure laws in the books in recent months. Article includes links to full text of each law.

Since publication (in February) of our interactive guide to state data breach disclosure laws, the following states (and D.C.) have passed new legislation.

Alaska:

Full text of Alaska breach disclosure law [pdf]:

http://www.legis.state.ak.us/PDF/25/Bills/HB0065Z.PDF

Notification: As soon as possible, without unreasonable delay

Civil penalty of up to $500 for each resident who was not notified. Total penalty may not exceed $50,000.

Exemption: Publicly available government data

Disclosure not required if it is determined that there is not a reasonable likelihood that harm to the affected consumers will result.

Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.

Iowa:

Full text of Iowa breach disclosure law:

http://coolice.legis.state.ia.us/Cool-ICE/default.asp?category=billinfo&service=billbook&GA=82&hbill=SF2308

Notification: As soon as possible, without unreasonable delay

Disclosure not required if it is determined that there is not a reasonable likelihood that harm to the affected consumers will result.

Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.

South Carolina:

Full text of South Carolina breach disclosure law:

http://www.scstatehouse.net/sess117_2007-2008/bills/453.htm

Notification: As soon as possible, without unreasonable delay

Law allows state residents to place security freezes on their consumer credit reports

Virginia:

Full text of Virginia breach disclosure law:

http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-186.6

Notification: Without unreasonable delay

Civil penalty not to exceed $150,000 for violations

Exemption: Publicly available government data

Law does not apply to not apply to criminal intelligence maintained by law-enforcement agencies of the state and the organized Criminal Gang File of the Virginia Criminal Information Network (VCIN)

Washington D.C.

Full text of Washington D.C. breach disclosure law [pdf]:

http://www.dccouncil.washington.dc.us/images/00001/20061218135855.pdf

Notification: As soon as possible, without unreasonable delay

Civil penalty not to exceed $100 for each violation

West Virginia

Full text of West Virginia breach disclosure law:

http://www.legis.state.wv.us/Bill_Text_HTML/2008_SESSIONS/RS/BILLS/SB340%20SUB1.htm

Notification: Without unreasonable delay

Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.

No civil penalty unless the court finds that the defendant has engaged in a course of repeated and willful violations. Civil penalty shall not exceed $150,000 per breach.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies