Data Breach Notification in Washington Amended

Washington State Legislature passed a set of amendments to Washington’s data breach notification statutes for businesses and government agencies.

Key updates are:

1. Timing for notice of data breach to both consumers and the Attorney General was changed, from 45 days to 30 days. The existing exception for law enforcement delays remained.

2. The definition of personal information was updated. The amendments expand the types of personal information that, if breached, trigger an obligation to notify consumers. Additions include full names and in combination with:

social security number
driver's license
account number, credit or debit card number together with security or access code or password
full date of birth
private key for electronic signatures
student, military or passport ID number
health insurance numbers
medical information
biometric data

3. More notice requirements around login credentials, requiring businesses to prompt users to change their passwords and take appropriate measures to protect their privacy.

4. Businesses will be required to include information on the length of time of exposure. Furthermore, the notice to the Attorney General will need to include types of personal information involved, length of time of exposure and containment steps.

Once signed, the amendments to the bill will take effect March 1, 2020.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

Video analytics has come a long way in the past two years. Improvements to edge-based data algorithms have helped companies like Public Storage reduce the number of false alarms and protect properties better than ever before.