WA Data Security Legislation

Hot Topic: How to protect and notify individuals in case of a data breach. Here’s Washington State’s proposal to upgrade their notification laws: Finally, unlike other states, Washington state law does not require any centralized reporting to the state when a data breach occurs, resulting in a lack of robust information for law enforcement and consumers.

The proposed legislation strengthens Washington’s data breach notification law by:

• Notification requirements when the data breach is encrypted data

• Establish notification timelines.

• Require consumer notification as immediately as possible and no later than 30 days whenever personal information is likely compromised

• Centralized reporting to the state to improve enforcement actions.

• Require the Attorney General to be notified within 30 days when a data breach occurs at a business, non-profit or public agency, enabling the Attorney General to compile centralized information about data breaches for law enforcement and consumers

• Require businesses, non-profits and agencies, when reporting a breach, to provide consumers with basic information they can use to help secure or recover their identities.   

Kirkland Report: WA House Bill 1078 & Senate Bill 5047