News
State Breach Disclosure Laws - Update
Five states (and D.C.) have put data breach disclosure laws in the books in recent months. Article includes links to full text of each law.
By Joan Goodchild
July 29, 2008 — Since publication (in February) of our interactive guide to state data breach disclosure laws, the following states (and D.C.) have passed new legislation.
Alaska:
Full text of Alaska breach disclosure law [pdf]:
http://www.legis.state.ak.us/PDF/25/Bills/HB0065Z.PDF
Notification: As soon as possible, without unreasonable delay
Civil penalty of up to $500 for each resident who was not notified. Total penalty may not exceed $50,000.
Exemption: Publicly available government data
Disclosure not required if it is determined that there is not a reasonable likelihood that harm to the affected consumers will result.
Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.
Iowa:
Full text of Iowa breach disclosure law:
http://coolice.legis.state.ia.us/Cool-ICE/default.asp?category=billinfo&service=billbook&GA=82&hbill=SF2308
Notification: As soon as possible, without unreasonable delay
Disclosure not required if it is determined that there is not a reasonable likelihood that harm to the affected consumers will result.
Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.
South Carolina:
Full text of South Carolina breach disclosure law:
http://www.scstatehouse.net/sess117_2007-2008/bills/453.htm
Notification: As soon as possible, without unreasonable delay
Law allows state residents to place security freezes on their consumer credit reports
Virginia:
Full text of Virginia breach disclosure law:
http://leg1.state.va.us/cgi-bin/legp504.exe?000+cod+18.2-186.6
Notification: Without unreasonable delay
Civil penalty not to exceed $150,000 for violations
Exemption: Publicly available government data
Law does not apply to not apply to criminal intelligence maintained by law-enforcement agencies of the state and the organized Criminal Gang File of the Virginia Criminal Information Network (VCIN)
Washington D.C.
Full text of Washington D.C. breach disclosure law [pdf]:
http://www.dccouncil.washington.dc.us/images/00001/20061218135855.pdf
Notification: As soon as possible, without unreasonable delay
Civil penalty not to exceed $100 for each violation
West Virginia
Full text of West Virginia breach disclosure law:
http://www.legis.state.wv.us/Bill_Text_HTML/2008_SESSIONS/RS/BILLS/SB340%20SUB1.htm
Notification: Without unreasonable delay
Disclosure may be delayed if law enforcement officials determine it will interfere with a criminal investigation.
No civil penalty unless the court finds that the defendant has engaged in a course of repeated and willful violations. Civil penalty shall not exceed $150,000 per breach.
Other stories by Joan Goodchild
Data Center Directions Virtual Conference
Attend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.
Maximizing Site Visitor Trust Using Extended Validation SSL
Now with Extended Validation (EV) SSL available from VeriSign, you can show your customers that they can trust your site. Learn about EV SSL benefits in the free VeriSign white paper.
- The Latest Advancements in SSL Technology
- Maximizing Site Visitor Trust Using Extended Validation SSL
- How to Offer the Strongest SSL Encryption
- Understanding Data Location is Imperative for Data Loss Prevention
- Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology
- Solving Online Credit Fraud Using Device Reputation
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
7th Annual Digital ID World
-
September 8 - 10, 2008Hilton AnaheimRegister now »
Anaheim, California
(ISC)2 members can earn up to 20 CPE Credits
Reference priority code ONLINE and save $800 off the full registration price — attend the program for $995
