New Data Breach Law in the State of Washington

New Data Breach Law in the State of Washington

Washington’s H.B. 1071 is a security breach notification law that was recently passed in the U.S. state of Washington in 2020. Washington’s H.B. 1071 was passed for the purpose of amending previous data breach notification legislation within the state, by taking into account the new forms of personal information that may be compromised during a data breach such as biometrics, as well as electronic records. With this being said, Washington’s H.B. 1071, in conjunction with legislation such as Washington’s Revised Code Ann. 19.375.020, provides residents of the state of Washington with legal protections as it concerns data protection and privacy.

What are the data breach notification requirements under Washington’s H.B. 1071?

Under Washington’s H.B. 1071, business entities within the state of Washington are required to provide residents within the state with the following information in the event that a security breach occurs:

What’s more, the law also requires business entities to provide notification to the Washington attorney general if a data breach affects more than 500 residents within the state. To this point, these notifications must contain the following information:

What categories of personal information are protected under Washington’s H.B. 1071?

Under Washington’s H.B. 1071, the following categories of personal information are protected from disclosure in the event of a security breach, in combination with a Washington state resident’s first name or first initial and last name, in instances where the information has not been encrypted:

What are the penalties for violating Washington’s H.B. 1071?

As it pertains to punishments for failure to comply with the law, the provisions set forth in Washington’s H.B. 1071 are enforced by the Washington attorney general. To this end, business entities within Washington state that are found to be in violation of the law are subject to a number of penalties. Most notably, the law allows residents within the state “to institute a civil action to recover damages” in instances where they believe their rights have been violated under the law. Alternatively, violations of Washington’s H.B. 1071 are also considered to be unfair or deceptive acts, as well as an unfair method of competition, in accordance with other applicable legislation within the state. Furthermore, if a security breach results in a Washington state resident taking a financial loss, the financial institution that experienced the breach is legally liable for the said loss under the provisions of the law.

While every state and territory within the U.S. has passed some form of legislation regarding security breach incidents, many of these laws were passed before the prevalence of online communication as we know it today. As such, the provisions of Washington’s H.B. 1071 numerous forms of personal information in the event of a data breach, as the adverse effects that can result from a security breach are very different from the effects that consumers would have experienced ten or fifteen years ago. Moreover, Washington’s H.B. 1071 represents just one facet of a larger legal framework that Washington state has enacted over a number of years, with the goal of protecting the personal information of residents within the state.

Related Reads