Identity theft; notice of database breach. (SB307)
Introduced By
Sen. Roscoe Reynolds (D-Martinsville)
Progress
✓ |
Introduced |
✓ |
Passed Committee |
✓ |
Passed House |
✓ |
Passed Senate |
✓ |
Signed by Governor |
☐ |
Became Law |
Description
Database breach notification. Requires that an individual or a commercial entity that conducts business in Virginia and that owns or licenses data that includes personal information about a resident of Virginia shall, when it becomes aware of a breach of the security of the system, (i) conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused and (ii) notify the Office of the Attorney General that a breach has occurred. A breach of the security of the system is defined as the unauthorized acquisition and access of unencrypted or unredacted data that compromises the security, confidentiality, or integrity of personal information maintained by an individual or a commercial entity. Types of notification meeting the requirements of this bill are listed, but not required if, after a reasonable investigation, the person or commercial entity determines that there is no reasonable likelihood of harm to affected Virginia residents. The Attorney General may bring an action in law to address violations and ensure proper compliance with this section. Nothing in this section shall limit an individual from recovering direct economic damages resulting from a violation of this section. Read the Bill »
Outcome
History
Date | Action |
---|---|
01/08/2008 | Prefiled and ordered printed; offered 01/09/08 085678810 |
01/08/2008 | Referred to Committee for Courts of Justice |
01/10/2008 | Assigned Courts sub: Criminal |
01/24/2008 | Impact statement from DPB (SB307) |
02/06/2008 | Reported from Courts of Justice with substitute (15-Y 0-N) (see vote tally) |
02/07/2008 | Committee substitute printed 081553316-S1 |
02/08/2008 | Constitutional reading dispensed (40-Y 0-N) (see vote tally) |
02/11/2008 | Read second time |
02/11/2008 | Reading of substitute waived |
02/11/2008 | Committee substitute agreed to 081553316-S1 |
02/11/2008 | Engrossed by Senate - committee substitute SB307S1 |
02/11/2008 | Constitutional reading dispensed (40-Y 0-N) (see vote tally) |
02/11/2008 | Passed Senate (40-Y 0-N) (see vote tally) |
02/11/2008 | Communicated to House |
02/12/2008 | Placed on Calendar |
02/12/2008 | Read first time |
02/12/2008 | Referred to Committee on Science and Technology |
02/12/2008 | Impact statement from DPB (SB307S1) |
02/25/2008 | Reported from Science and Technology with substitute (18-Y 0-N) |
02/26/2008 | Committee substitute printed 085712316-H1 |
02/27/2008 | Read second time |
02/28/2008 | Passed by for the day |
02/29/2008 | Impact statement from DPB (SB307H1) |
02/29/2008 | Read third time |
02/29/2008 | Committee substitute agreed to 085712316-H1 |
02/29/2008 | Engrossed by House - committee substitute SB307H1 |
02/29/2008 | Passed House with substitute BLOCK VOTE (98-Y 0-N) |
02/29/2008 | VOTE: BLOCK VOTE PASSAGE (98-Y 0-N) |
03/04/2008 | House substitute agreed to by Senate (40-Y 0-N) |
03/05/2008 | Bill text as passed Senate and House (SB307ER) |
03/05/2008 | Enrolled |
03/05/2008 | Signed by Speaker |
03/06/2008 | Impact statement from DPB (SB307ER) |
03/06/2008 | Signed by President |
03/11/2008 | G Approved by Governor-Chapter 566 (effective 7/1/08) |
03/17/2008 | G Acts of Assembly Chapter text (CHAP0566) |
Comments
Requires that an individual or a commercial entity that conducts business in Virginia and that owns or licenses data that includes personal information about a resident of Virginia shall, when it becomes aware of a breach of the security of the system, (i) conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused and (ii) notify the Office of the Attorney General that a breach has occurred.