News
State Breach Disclosure Laws - Update
Five states (and D.C.) have put data breach disclosure laws in the books in recent months. Article includes links to full text of each law.
By Joan Goodchild
July 29, 2008 — Since publication (in February) of our interactive guide to state data breach disclosure laws, the following states (and D.C.) have passed new legislation.
Alaska:
Full text of Alaska breach disclosure law [pdf]:
http://www.legis.state.ak.us/PDF/25/Bills/HB0065Z.PDF
Notification: As soon as possible, without unreasonable delay
Civil penalty of up to $500 for each resident who was not notified. Total penalty may not exceed $50,000.
Exemption: Publicly available government data
Disclosure not required if it is determined that there is not a reasonable likelihood that harm to the affected consumers will result.
Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.
Iowa:
Full text of Iowa breach disclosure law:
http://coolice.legis.state.ia.us/Cool-ICE/default.asp?category=billinfo&service=billbook&GA=82&hbill=SF2308
Notification: As soon as possible, without unreasonable delay
Disclosure not required if it is determined that there is not a reasonable likelihood that harm to the affected consumers will result.
Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.
South Carolina:
Full text of South Carolina breach disclosure law:
http://www.scstatehouse.net/sess117_2007-2008/bills/453.htm
Notification: As soon as possible, without unreasonable delay
Law allows state residents to place security freezes on their consumer credit reports
Virginia:
Full text of Virginia breach disclosure law:
http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-186.6
Notification: Without unreasonable delay
Civil penalty not to exceed $150,000 for violations
Exemption: Publicly available government data
Law does not apply to not apply to criminal intelligence maintained by law-enforcement agencies of the state and the organized Criminal Gang File of the Virginia Criminal Information Network (VCIN)
Washington D.C.
Full text of Washington D.C. breach disclosure law [pdf]:
http://www.dccouncil.washington.dc.us/images/00001/20061218135855.pdf
Notification: As soon as possible, without unreasonable delay
Civil penalty not to exceed $100 for each violation
West Virginia
Full text of West Virginia breach disclosure law:
http://www.legis.state.wv.us/Bill_Text_HTML/2008_SESSIONS/RS/BILLS/SB340%20SUB1.htm
Notification: Without unreasonable delay
Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.
No civil penalty unless the court finds that the defendant has engaged in a course of repeated and willful violations. Civil penalty shall not exceed $150,000 per breach.
Other stories by Joan Goodchild
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
