Identity theft; notification of breach of information system. (HB1154)

Introduced By

Del. Scott Lingamfelter (R-Woodbridge)


Passed Committee
Passed House
Passed Senate
Signed by Governor
Became Law


Database breach notification. Requires an individual or a commercial entity that conducts business in Virginia and that owns or licenses computerized data that includes personal information to notify a resident of Virginia of any breach of the security of the system immediately following the discovery of a breach in which unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. Notification must be made in good faith, in the most expedient time possible, and without unreasonable delay, consistent with the legitimate needs of law enforcement and with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system. The bill also contains alternative notification provisions. For a private civil action to recover damages, the award is triple the amount of actual damages plus reasonable attorney fees. The Office of the Attorney General may also bring an action in law or equity to address violations of this section and other appropriate relief. Read the Bill »


01/23/2006: Failed to Pass in Committee


01/11/2006Prefiled and ordered printed; offered 01/11/06 063881380
01/11/2006Referred to Committee on Science and Technology
01/23/2006Continued to 2007 in Science and Technology