Identity theft; notice of database breach. (HB1469)
Introduced By
Del. Kathy Byron (R-Lynchburg)
Progress
✓ |
Introduced |
✓ |
Passed Committee |
✓ |
Passed House |
✓ |
Passed Senate |
✓ |
Signed by Governor |
☐ |
Became Law |
Description
Database breach notification. Requires an individual or entity that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovery or notification of the breach to any resident of the Commonwealth whose unencrypted and unredacted personal information was, or is reasonably believed to have been accessed and acquired by an unauthorized person. A breach is defined as the unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information maintained by an individual or entity as part of a database of personal information regarding multiple individuals and that causes, or the individual or entity reasonably believes has caused, or will cause, identity theft or other fraud to any resident of the Commonwealth. Violations by a state-charted or licensed financial institution shall be enforceable exclusively by the financial institution's primary state regulator. All other violations shall be enforced by the Office of the Attorney General, which may obtain either actual damages or a civil penalty not to exceed $150,000 per breach or series of breaches of a similar nature that are discovered in a single investigation. Read the Bill »
Outcome
History
Date | Action |
---|---|
01/16/2008 | Presented and ordered printed 085686448 |
01/16/2008 | Referred to Committee on Science and Technology |
01/24/2008 | Impact statement from DPB (HB1469) |
01/29/2008 | Assigned S & T sub: #1 |
02/04/2008 | Reported from Science and Technology with substitute (21-Y 0-N) (see vote tally) |
02/05/2008 | Committee substitute printed 085707448-H1 |
02/06/2008 | Read first time |
02/07/2008 | Read second time |
02/07/2008 | Committee substitute agreed to 085707448-H1 |
02/07/2008 | Engrossed by House - committee substitute HB1469H1 |
02/07/2008 | Impact statement from DPB (HB1469H1) |
02/08/2008 | Read third time and passed House BLOCK VOTE (99-Y 0-N) |
02/08/2008 | VOTE: BLOCK VOTE PASSAGE (99-Y 0-N) (see vote tally) |
02/08/2008 | Communicated to Senate |
02/11/2008 | Constitutional reading dispensed |
02/11/2008 | Referred to Committee for Courts of Justice |
02/28/2008 | Reported from Courts of Justice with substitute (15-Y 0-N) |
02/29/2008 | Committee substitute printed 089603448-S1 |
03/03/2008 | Impact statement from DPB (HB1469S1) |
03/03/2008 | Constitutional reading dispensed (40-Y 0-N) |
03/04/2008 | Read third time |
03/04/2008 | Reading of substitute waived |
03/04/2008 | Committee substitute agreed to 089603448-S1 |
03/04/2008 | Engrossed by Senate - committee substitute HB1469S1 |
03/04/2008 | Passed Senate with substitute (40-Y 0-N) |
03/05/2008 | Placed on Calendar |
03/05/2008 | Senate substitute agreed to by House 089603448-S1 (99-Y 0-N) |
03/05/2008 | VOTE: --- ADOPTION (99-Y 0-N) |
03/07/2008 | Enrolled |
03/07/2008 | Bill text as passed House and Senate (HB1469ER) |
03/07/2008 | Signed by Speaker |
03/09/2008 | Signed by President |
03/10/2008 | Impact statement from DPB (HB1469ER) |
04/02/2008 | G Approved by Governor-Chapter 801 (effective 7/1/08) |
Comments
Requires an individual or entity that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovery or notification of the breach to any resident of the Commonwealth whose unencrypted and unredacted personal information was, or is reasonably believed to have been accessed and acquired by an unauthorized person.