Identity theft; notification of breach of information system. (SB1224)

Introduced By

Sen. Janet Howell (D-Reston)


Passed Committee
Passed House
Passed Senate
Signed by Governor
Became Law


Database breach notification. Requires an individual or a commercial entity that conducts business in Virginia and that owns or licenses computerized data that includes personal information to conduct in good faith a reasonable and prompt investigation when it becomes aware of a breach of the security of the system. If the investigation determines that misuse of information has or is reasonably likely to occur, the individual or commercial entity shall give notice to the Virginia resident as soon as possible. Notification must be made in good faith, in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system. The bill also contains alternative notification provisions. The Office of the Attorney General may bring an action in law or equity to address violations of this section and other appropriate relief. The provisions of this bill, as they apply to governmental entities, become effective July 1, 2008. Amends § 18.2-186.6, of the Code of Virginia. Read the Bill »


Bill Has Failed


01/10/2007Prefiled and ordered printed; offered 01/10/07 079200744
01/10/2007Referred to Committee for Courts of Justice
01/17/2007Impact statement from DPB (SB1224)
02/06/2007Left in Courts of Justice
02/06/2007Letter sent to the Governor

Duplicate Bills

The following bills are identical to this one: HB2140.


Waldo Jaquith writes:

Wonderful. The high-profile data losses that occurred in the past year make blindingly obvious the importance of passing this bill.