Erin Jordan reports:
Data security breaches at big corporations, including Equifax and Target, spurred the Iowa Attorney General’s Office to seek changes to Iowa law to further protect consumers.
House Study Bill 526, discussed in a Judiciary subcommittee Tuesday, would update Iowa’s data breach notification act, which requires businesses, nonprofits and other entities hit by hackers to alert consumers and the state.
The update adds new categories of data, such as medical records. And although the law already requires reporting of information breaches “without reasonable delay,” the bill would add a 45-day maximum on reporting.
Read more on The Gazette.
One of the things the bill would change, although not mentioned in this article, is that it would apply to personal information in any form, and not just computerized data. And it significantly expands the definition of personal information. Do take a look at it. I hope we have more state attorneys general proposing such bills in the wake of Equifax, when state legislatures may be more inclined to actually pass stronger legislation.