DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Washington AG Ferguson bill strengthening data breach laws passes Legislature

Posted on April 23, 2019 by Dissent

From the Washington Attorney General’s Office yesterday, a press release on an expansion of the breach notification requirements. Of special note, under the new law, a hacker acquiring a name in combination with a student ID would trigger notification obligations, but only if the information was not secured or made unusable (e.g., by encryption) AND  the breach is reasonably likely to subject consumers to a risk of harm. If there’s no reasonably likely risk of harm, then there is still no notification obligation, it seems — unless I’m reading the bill text incorrectly. I expect a number of law firms will be blogging about these amendments to the state law.


OLYMPIA — Today, with a unanimous, bipartisan vote, state legislators passed a bill requested by Attorney General Ferguson that strengthens data breach notification laws.

The bill expands consumer data breach notification requirements to include more types of consumer information. It also reduces the deadline to notify consumers to 30 days from 45 days. Rep. Shelley Kloba, D-Kirkland, sponsored the bill, which passed the House in a unanimous, bipartisan vote on March 1.

“My office has seen the number of Washingtonians impacted by data breaches increase year after year,” Ferguson said. “Data breaches are a serious threat to our privacy, and this law will arm consumers with information to protect their sensitive data.”

“Not only is the amount of data being collected and stored about consumers increasing, the number of breaches of secure storage of the data is increasing at an alarming rate as well.“ Kloba said. “This bill updates our consumer protection laws to shorten the notification time from 45 days to 30 days, so that consumers are made aware of a breach more quickly and can take protective action.  Additionally, companies who collect and store data will need to pay more attention to safeguarding it against internal and external threats.”

Sen. Joe Nguyen, D-White Center, sponsored a companion bill in the Senate.

“Time and time again, millions of Americans have had their most private information stolen and abused due to poor corporate stewardship over the data we entrust them with,” Nguyen said. “This legislation will ensure that we have mechanisms for accountability put in place so that when a data breach occurs, we can act quickly and decisively to mitigate further harm.”

Without this new law, a business or government organization affected by a data breach is only required to notify consumers if a hacker obtains a consumer’s name in combination with social security numbers, driver’s license numbers, state ID numbers or financial account information.

The new law requires organizations to also notify consumers if a hacker accesses a consumer’s name in combination with the following:

  • Full birth dates
  • Health insurance ID numbers
  • Medical history
  • Student ID numbers
  • Military ID numbers
  • Passport ID numbers
  • Usernames and passwords
  • Biometric data, such as DNA profiles or fingerprints
  • Electronic signatures

The bill also requires notice to the Attorney General within 30 days of the discovery of a data breach.

Data breaches are a growing threat to Washington residents, businesses and agencies. Data breaches affected nearly 3.4 million Washingtonians between July 2017 and July 2018, a 26 percent increase over the previous year, according to the Attorney General’s Office third annual data breach report.

Source: Washington Attorney General’s Office

No related posts.

Category: Breach LawsOf NoteState/LocalU.S.

Post navigation

← Italy’s DPA Fines Data Processor for Information Security Failures
The Lack of an Adequate HIPAA Security Risk Assessment is a Common and Costly Mistake by Healthcare Providers: What Providers Can Do Now →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.