Data Breach Notification in Washington Amended

Washington State Legislature passed a set of amendments to Washington’s data breach notification statutes for businesses and government agencies.

Key updates are:

1. Timing for notice of data breach to both consumers and the Attorney General was changed, from 45 days to 30 days. The existing exception for law enforcement delays remained.

2. The definition of personal information was updated. The amendments expand the types of personal information that, if breached, trigger an obligation to notify consumers. Additions include full names and in combination with:

social security number
driver's license
account number, credit or debit card number together with security or access code or password
full date of birth
private key for electronic signatures
student, military or passport ID number
health insurance numbers
medical information
biometric data

3. More notice requirements around login credentials, requiring businesses to prompt users to change their passwords and take appropriate measures to protect their privacy.

4. Businesses will be required to include information on the length of time of exposure. Furthermore, the notice to the Attorney General will need to include types of personal information involved, length of time of exposure and containment steps.

Once signed, the amendments to the bill will take effect March 1, 2020.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.

ON DEMAND: Apple Mac computer use is growing in the corporate space. Having the solutions and the knowledge base to respond to events that include Mac computers is just as important as their Windows counterparts.