Identity theft; notice of database breach. (HB1469)

Introduced By

Del. Kathy Byron (R-Lynchburg)

Progress

Introduced
Passed Committee
Passed House
Passed Senate
Signed by Governor
Became Law

Description

Database breach notification. Requires an individual or entity that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovery or notification of the breach to any resident of the Commonwealth whose unencrypted and unredacted personal information was, or is reasonably believed to have been, accessed and acquired by an unauthorized person. A breach is defined as the unauthorized access and acquisition of unencrypted and unredacted computerized data that compromises the security or confidentiality of personal information maintained by an individual or entity as part of a database of personal information regarding multiple individuals and that causes, or the individual or entity reasonably believes has caused, or will cause, identity theft or other fraud to any resident of the Commonwealth. Violations by a state-chartered or licensed financial institution shall be enforceable exclusively by the financial institution's primary state regulator. All other violations shall be enforced by the Office of the Attorney General, which may obtain either actual damages or a civil penalty not to exceed $150,000 per breach or series of breaches of a similar nature that are discovered in a single investigation.

Outcome

Bill Has Passed

History

Date        Action
01/16/2008  Presented and ordered printed 085686448
01/16/2008  Referred to Committee on Science and Technology
01/24/2008  Impact statement from DPB (HB1469)
01/29/2008  Assigned S & T sub: #1
02/04/2008  Reported from Science and Technology with substitute (21-Y 0-N) (see vote tally)
02/05/2008  Committee substitute printed 085707448-H1
02/06/2008  Read first time
02/07/2008  Read second time
02/07/2008  Committee substitute agreed to 085707448-H1
02/07/2008  Engrossed by House - committee substitute HB1469H1
02/07/2008  Impact statement from DPB (HB1469H1)
02/08/2008  Read third time and passed House BLOCK VOTE (99-Y 0-N)
02/08/2008  VOTE: BLOCK VOTE PASSAGE (99-Y 0-N) (see vote tally)
02/08/2008  Communicated to Senate
02/11/2008  Constitutional reading dispensed
02/11/2008  Referred to Committee for Courts of Justice
02/28/2008  Reported from Courts of Justice with substitute (15-Y 0-N)
02/29/2008  Committee substitute printed 089603448-S1
03/03/2008  Impact statement from DPB (HB1469S1)
03/03/2008  Constitutional reading dispensed (40-Y 0-N)
03/04/2008  Read third time
03/04/2008  Reading of substitute waived
03/04/2008  Committee substitute agreed to 089603448-S1
03/04/2008  Engrossed by Senate - committee substitute HB1469S1
03/04/2008  Passed Senate with substitute (40-Y 0-N)
03/05/2008  Placed on Calendar
03/05/2008  Senate substitute agreed to by House 089603448-S1 (99-Y 0-N)
03/05/2008  VOTE: --- ADOPTION (99-Y 0-N)
03/07/2008  Enrolled
03/07/2008  Bill text as passed House and Senate (HB1469ER)
03/07/2008  Signed by Speaker
03/09/2008  Signed by President
03/10/2008  Impact statement from DPB (HB1469ER)
04/02/2008  G Approved by Governor-Chapter 801 (effective 7/1/08)

Comments

Virginia ITSP Association, tracking this bill in Photosynthesis, notes:

Requires an individual or entity that owns or licenses computerized data that includes personal information to disclose any breach of the security of the system following discovery or notification of the breach to any resident of the Commonwealth whose unencrypted and unredacted personal information was, or is reasonably believed to have been, accessed and acquired by an unauthorized person.