Washington Attorney General Bob Ferguson’s legislation strengthening the state’s data breach notification law passed the state Senate, 47 to 0.
It passed the House of Representatives March 4, 97 to 0. The bill now heads to Governor Jay Inslee for his signature.
The legislation strengthens Washington’s data breach notification law by:
- Eliminating the blanket exemption for encrypted data;
- Requiring consumer notification as immediately as possible and no later than 45 days whenever personal information is likely compromised;
- Requiring that the Attorney General be notified within 45 days when a data breach occurs at a business, non-profit or public agency, enabling the Attorney General to compile centralized information about data breaches for law enforcement and consumers; and
- Requiring businesses, non-profits and agencies, when reporting a breach, to provide consumers with basic information they can use to help secure or recover their identities.
The senate version, Senate Bill 5047, is sponsored by Sen. John Braun, R—Centralia.
The House version of the Attorney General’s agency-request legislation, House Bill 1078, is sponsored by Rep. Zack Hudgins, D—Tukwila.
SOURCE: Washington Attorney General Bob Ferguson