Lege Enacted: 3 States, New Laws. Data Security Trends

3 states have enacted new data security reforms. Most recently, Washington State  joined Wyoming and Montana. Washington’s reforms include, according to JD Supra:

• Expands coverage to hard copy data as well as electronic or “computerized” data;
• Requires notification of the Washington Attorney General if more than 500 Washington residents are required to be notified;
• Imposes a 45-day deadline for notification of affected consumers and, when required, of the Washington Attorney General;
• Empowers the Washington Attorney General to enforce the statute by bringing actions under the state’s consumer protection act;
• Mandates certain content in the consumer notification, including the name and contact information of the reporting business, a list of the types of PI subject to the breach, and the toll-free telephone numbers and addresses of consumer reporting agencies;
• Introduces a safe harbor for PI that is “secured” or encrypted in a manner that meets or exceeds the National Institute of Standards and Technology (NIST) standard “or is Otherwise modified so that it is rendered unreadable, unusable, or undecipherable by an unauthorized person;” and
• Adds language that exempts certain covered entities from compliance if they otherwise comply with certain federal laws. 

Davis Wright Tremaine LLP