Wednesday, July 9, 2008
The General Assembly is now in session.

Tracking Virginia’s General Assembly
since 2007.

Search 2008 Bills:

SB307: Identity theft; notice of database breach.

Chief Patron

Sen. Roscoe Reynolds (D-20)

Roscoe Reynolds (D-20)
Served: 1997–

Progress

Yes Introduced
Yes Passed Committee
Yes Passed House
Yes Passed Senate
Yes Signed by Governor
Yes Became Law

Status

03/11/2008: signed by governor

View Entire History

Summary

Database breach notification.  Requires that an individual or a commercial entity that conducts business in Virginia and that owns or licenses data that includes personal information about a resident of Virginia shall, when it becomes aware of a breach of the security of the system, (i) conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused and (ii) notify the Office of the Attorney General that a breach has occurred. A breach of the security of the system is defined as the unauthorized acquisition and access of unencrypted or unredacted data that compromises the security, confidentiality, or integrity of personal information maintained by an individual or a commercial entity. Types of notification meeting the requirements of this bill are listed, but not required if, after a reasonable investigation, the person or commercial entity determines that there is no reasonable likelihood of harm to affected Virginia residents. The Attorney General may bring an action in law to address violations and ensure proper compliance with this section. Nothing in this section shall limit an individual from recovering direct economic damages resulting from a violation of this section.

  View Full Text »

Video

Votes were cast on this bill on the following dates for which Richmond Sunlight has video: 01/10/2008, 01/24/2008, 01/24/2008, 02/07/2008, 02/07/2008, 02/08/2008, 02/08/2008, 02/11/2008, 02/12/2008, 02/26/2008, 02/26/2008, 02/28/2008, 02/28/2008, 02/29/2008, 03/06/2008 and 03/11/2008.

Comments

CVC, LLC, tracking this bill in Photosynthesis, notes:

Requires that an individual or a commercial entity that conducts business in Virginia and that owns or licenses data that includes personal information about a resident of Virginia shall, when it becomes aware of a breach of the security of the system, (i) conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused and (ii) notify the Office of the Attorney General that a breach has occurred.

Posted 6 months ago.
Support the Virginia Interfaith Center

Poll Results

1 vote

?

Tags

Separate each tag with a space: tax highway vdot. Multiple word tags must be enclosed within quotes: “capital murder”.

Bill Text

Subscribe

RSS Feed Keep track of the status of this bill as it moves through the General Assembly — subscribe via RSS.

About the Site | RSS Subscriptions | Contact Richmond Sunlight | Terms of Service

A program of the Virginia Interfaith Center. Created by Waldo Jaquith. Design based on Luka Cvrk's “Internet Services.”

“Sunlight is said to be the best of disinfectants.” —Justice Louis Brandeis, 1914