Bradley Barth reports:
More than 5.3 million residents of North Carolina were victims of data breaches in 2017 – an escalating trend that has prompted state Attorney General Josh Stein (D) and state Rep. Jason Saine (R) to introduce newly proposed legislation to prevent further incidents and protect the public.
Unveiled on Jan. 8, the bipartisan “Act to Strengthen Identity Theft Protections” updates the state’s definition of a data breach, expanding the scope to include ransomware attacks. It also requires that affected companies report any such incident to the public and the AG’s office within 15 days.
Additionally, the bill also requires businesses that own or license consumers’ personal information to execute reasonable security procedures and practices to protect said data, including medical records and insurance account numbers.
If a company fails to uphold its responsibilities, it will be considered a violation of the Unfair and Deceptive Trade Practices Act. According to a fact sheet detailing the proposed legislation, “each person affected by the breach represents a separate and distinct violation of the law.”
Read more on SC Magazine. So far, I haven’t found the actual bill text and media reports all seem to only point to the fact sheet linked above.