5092-S.E AMH CHAM VANJ 076

  

ESSB 5092 - H AMD TO H AMD (H-1459.2/21) 532

By Representative Chambers

NOT ADOPTED 04/03/2021

On page 422, after line 9, insert the following:

"NEW SECTION. Sec. 772. FOR THE OFFICE OF FINANCIAL MANAGEMENT-STATE DIGITAL DATA BREACH ACCOUNT
General Fund-State Appropriation (FY 2022) . . . . . . . . $75,000,000
  TOTAL APPROPRIATION . . . . . . . . . . . . . $75,000,000

The appropriation in this section is subject to the following conditions and limitations: The appropriation is provided solely for expenditure into the state digital data breach account created in section 951 of this act."

On page 444, after line 22, insert the following:

"NEW SECTION. Sec. 951. A new section is added to chapter 4.92 RCW to read as follows:
 (1) The state digital data breach account is created in the custody of the state treasurer. Revenues to the account consist of legislative appropriations and transfers and other revenues provided by law. Expenditures from the account may only be used for the payment of eligible claims as provided in subsection (2) of this section. Only the director or the director's designee may authorize expenditures from the account. The account is subject to allotment procedures under chapter 43.88 RCW, but an appropriation is not required for expenditure.
 (2) Expenditures from the account may only be used for the department of enterprise services' office of risk management to operate a digital data breach reimbursement claims program. In the event of a breach of the security of the system owned or operated by the state that results in the release of personal information, individuals whose personal information was released may submit a claim for reimbursement to the office of risk management for the following costs incurred within one year of the date of the breach:
 (a) Identity restoration services if an individual discovers unauthorized use of their personal information as a result of the state data breach;
 (b) Losses from unauthorized charges to financial accounts that result in direct financial harm to the individual;
 (c) The cost for a new driver's license; and
 (d) Costs for one year of credit monitoring.
 (3) All claims brought under the digital data breach reimbursement claims program created in subsection (2) of this section against the state, or against the state's officers, employees, or volunteers, acting in such capacity, for damages, must be presented to the office of risk management within one year of the breach. A claim is deemed presented when the claim form is delivered in person or by regular mail, registered mail, or certified mail, with return receipt requested, or as an attachment to email or by fax, to the office of risk management. The office of risk management must develop a standardized claim form for individuals to use to submit a claim. The office must review all claims and determine if the claim is eligible for payment.
 (4) For the purposes of this section, "breach of the security of the system" and "personal information" have the meanings defined in RCW 19.255.005."

Renumber the remaining sections consecutively and correct any internal references accordingly.

Correct the title.

EFFECT:   Creates the State Digital Data Breach Program Account and appropriates $75.0 million General Fund-State into the account. Provides that expenditures from the account may be used for the Department of Enterprise Services Office of Risk Management to administer a digital data breach reimbursement claims program.

FISCAL IMPACT:

 Increases General Fund - State by $75,000,000.

--- END ---