State of Washington Expands Breach Notice Laws

A new law in Washington expanded regulations that mandate when consumers must be notified if a malicious actor gains access to their private data, according to a press release from the state’s office of the attorney general (AG).

In response to AG Bob Ferguson’s request for legislators to strengthen the state’s data breach notification laws, lawmakers voted unanimously in favor of HB 1071-2019-20, which the speaker signed on April 24.

“Not only is the amount of data being collected and stored about consumers increasing, the number of breaches of secure storage of the data is increasing at an alarming rate as well," Rep. Shelley Kloba, who sponsored the bill, said in the press release.

“This bill updates our consumer protection laws to shorten the notification time from 45 days to 30 days, so that consumers are made aware of a breach more quickly and can take protective action. Additionally, companies who collect and store data will need to pay more attention to safeguarding it against internal and external threats.”

In addition to reducing the notification time frame, the consumer data breach notification requirements bill was expanded to include more types of consumer information, such as usernames, passwords and passport numbers. The earlier bill had only mandated that consumers be notified if a data breach exposed their names in addition to other personal information, such as social security or driver’s license numbers.

“My office has seen the number of Washingtonians impacted by data breaches increase year after year,” Ferguson said in the press release. “Data breaches are a serious threat to our privacy, and this law will arm consumers with information to protect their sensitive data.”

Two senators sponsored a companion bill, SB 5046-2019-20, which remains in the Senate committee; however, another bill that would give citizens the right to know the types of data that companies are collecting, storing and selling has yet to pass the state’s legislature, according to a Tripwire blog post.

“This bill overwhelmingly cleared Washington’s Senate floor earlier in 2019 after a vote of 46 to 1,” the blog said, but it has not yet arrived on the floor of the House.

What’s Hot on Infosecurity Magazine?