New data breach protections give Washington one of the most robust data breach notification policies in the country.
Effective March 1, 2020, amendments to the Washington State data breach notification extended the definition of personal information, shortened the deadlines for notification, and imposed additional requirements for notice contents.
In 2015, the Legislature passed legislation to update Washington’s data breach notification statute. Washington’s law requires businesses and governments to notify the Attorney General’s Office after experiencing breaches affecting the personal information of at least 500 Washingtonians.
The new law reduced the deadline to notify consumers and the Attorney General’s Office of a data breach from 45 to 30 days and expanded the definition of “personal information”. If a security breach affects more than 500 Washington residents, electronic notification must also be provided to the Attorney General's Office at SecurityBreach@atg.wa.gov.
Personal information (PI) includes an individual’s first name or first initial and last name in combination with any of the following:
Social Security number;
Drivers license number or Washington identification card number;
Account number or credit or debit card number, in combination with any required security code, access code, or password that would permit access to their account;
Student, military, or passport identification numbers;
Health insurance policy or identification numbers;
Full date of birth;
Private keys for electronic signature;
Medical information, including medical history, mental or physical condition, diagnoses, or treatment;
Biometric data including fingerprints, voiceprints, eye retina, iris scans, or other unique characteristics are used to identify a specific individual.
“In 2020, the total number of breaches reported to our office decreased by 15%, and yet the total number of Washingtonians impacted by breaches rose by 67%, with nearly 65% resulting from a malicious cyberattack.”
Bob Ferguson, Washington State Attorney General
Attorney General Bob Ferguson’s fifth annual Data Breach Report, released in October 2020, showed that the number of Washingtonians affected by breaches just about doubled in the last year and ransomware attacks tripled.
This 2020 report is based on data breach notifications received by the Attorney General’s Office between July 24, 2019, and July 23, 2020, that affected more than 500 Washingtonians’ personal information.
Source: Washington State Office of the Attorney General
Data security breach notifications sent to the Attorney General’s Office are available for review at Data Breach Notifications.
Businesses must invest in security and be ready to respond if a breach occurs. Part of your preparedness program should be staying current on data breach legislation at the state level. Mintz is a useful online resource to review Data Breach Notification Laws by state.
Image Courtesy of Mintz
Teknologize is a SOC 2 certified, Professional Technology Services company with clients throughout the Pacific Northwest. We have offices located in:
Questions about your IT or Cybersecurity? Give us a call today!