Privacy Impact Assessment Guide: 7 Best Practices to Master PIAs
One of data privacy’s greatest challenges is that it can all feel...Read Now
December 18, 2019
The United States of America has 50 states. all of those American states have at least one state data privacy law. This is a great big list of data privacy laws by state created. If we have missed any state privacy laws or if you believe any of these state privacy laws may be incorrect, please get in touch.
New York has the infamous New York Shield Law - Read more about New York's Data Privacy Law Here
Data Breach Notification
Businesses are required to notify affected Washington residents when the business reasonably believes that an unauthorized person has acquired unencrypted personal information. Notice should take place without unreasonable delay, but not later than 45 days after a determination that a breach has occurred. Unauthorized access does not constitute a breach if the information accessed was encrypted, and the business reasonably believes that the encryption key was not acquired. If the personal data was acquired in good faith by an employee or agent of the business and not used for an unauthorized purpose or subject to further unauthorized disclosure it does not constitute a breach. Notification is not required if after an appropriate investigation or consultation the business determines that there is no reasonable likelihood of harm to the affected consumers.
“Encrypted” in this case means that the security of the information must meet or exceed the National Institute of Standards and Technology (NIST).
For a breach affecting greater than 500 consumers, the business is required to notify the Attorney General within 30 days of notice of the breach. The notice to the Attorney General must include the number of consumers affected by the breach. If the number is not known, then an estimate will suffice.
Noah is an Osano staff attorney focusing on data privacy best practices, legislative monitoring, and policy monitoring. When he's not writing about or researching data privacy Noah enjoys rock climbing and yoga.