Data Breach Notification in Washington Amended

Washington State Legislature passed a set of amendments to Washington’s data breach notification statutes for businesses and government agencies.

Key updates are:

1. Timing for notice of data breach to both consumers and the Attorney General was changed, from 45 days to 30 days. The existing exception for law enforcement delays remained.

2. The definition of personal information was updated. The amendments expand the types of personal information that, if breached, trigger an obligation to notify consumers. Additions include full names and in combination with:

social security number
driver's license
account number, credit or debit card number together with security or access code or password
full date of birth
private key for electronic signatures
student, military or passport ID number
health insurance numbers
medical information
biometric data

3. More notice requirements around login credentials, requiring businesses to prompt users to change their passwords and take appropriate measures to protect their privacy.

4. Businesses will be required to include information on the length of time of exposure. Furthermore, the notice to the Attorney General will need to include types of personal information involved, length of time of exposure and containment steps.

Once signed, the amendments to the bill will take effect March 1, 2020.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.