Brief Description: Addressing breaches of security that compromise personal information.

Sponsors: Senate Committee on Financial Institutions, Housing & Consumer Protection (originally sponsored by Senators Brandland, Fairley, Benson, Keiser, Schmidt, Spanel, Benton, Franklin, Berkey, Kohl-Welles and Rasmussen).

Senate Committee on Financial Institutions, Housing & Consumer Protection
House Committee on Financial Institutions & Insurance

Background: ChoicePoint, a large corporation dealing with 19 billion public records that include personal and financial data on millions of consumers, recently was the victim of a security breach. Due to this problem 144,778 consumers, more than 3,000 of them Washingtonians, had personal information exposed to a criminal enterprise. In California, a state law requires notification of consumers when such a data security breach occurs. California is the only state with a notification law.

Summary: Any agency, person, or business that owns and licenses computerized data that includes personal information, is required to inform Washington consumers of any breach of their data security, following discovery or notification of the beach. The notification must be made without unreasonable delay, consistent with the needs of law enforcement. Notification may not impede a criminal investigation.

"Personal information" covered by the duty to notify includes: social security numbers, driver's license, or ID card numbers; and credit and debit card numbers in combination with access codes. Personal information does not include publically-available information from federal, state, and local government records.

Notice of the security breach may be provided by written or electronic notice, or by a "substitute notice" by e-mail, conspicuous website posting, or major statewide media.

As a matter of public policy, consumers cannot waive their right to notice.

Remedies include a civil action to recover damages, or injunctive relief against a business that violates the notice requirements.

Votes on Final Passage:

Senate      47   0
House      97   1

Effective: July 24, 2005