Identity theft; notice of database breach. (HB1469)
Introduced By
Del. Kathy Byron (R-Lynchburg)
Progress
√ |
Introduced |
√ |
Passed Committee |
√ |
Passed House |
√ |
Passed Senate |
√ |
Signed by Governor |
√ |
Became Law |
Description
Database breach notification. Requires an individual or entity that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovery or notification of the breach to any resident of the Commonwealth whose unencrypted and unredacted personal information was, or is reasonably believed to have been accessed and acquired by an unauthorized person. A breach is defined as the unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information maintained by an individual or entity as part of a database of personal information regarding multiple individuals and that causes, or the individual or entity reasonably believes has caused, or will cause, identity theft or other fraud to any resident of the Commonwealth. Violations by a state-charted or licensed financial institution shall be enforceable exclusively by the financial institution's primary state regulator. All other violations shall be enforced by the Office of the Attorney General, which may obtain either actual damages or a civil penalty not to exceed $150,000 per breach or series of breaches of a similar nature that are discovered in a single investigation. Amends § 18.2-186.6 (“Breach of personal information notification.”), of the Code of Virginia. View Full Text »
Comments
Requires an individual or entity that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovery or notification of the breach to any resident of the Commonwealth whose unencrypted and unredacted personal information was, or is reasonably believed to have been accessed and acquired by an unauthorized person.