In March, the Council of Washington D.C. signed into law the Security Breach Protection Amendment Act of 2019. An amendment to D.C.’s existing data breach law, this act broadens consumer protections in the event of a data breach event. For instance, the act expands the definition of “personal information” in relation to the data compromised in a breach. Data elements now comprised by this definition include:
- Taxpayer Identification Number
- Passport Number
- Military Identification Number
- Financial Account Number
- Medical Information
- Health Insurance Information
- Usernames/Email Addresses
The act also encompasses any general combination of data elements that would allow a third party to commit identity theft. The act also requires individual notices to affect consumers to include more information. An individual notice now must include:
- Types of Data Compromised
- Contact Information for the Entity Reporting the Breach
- Toll-Free Numbers for Credit Reporting Agencies, the FTC, and D.C. Attorney General
- Information re: Right to Obtain Cost-Free Security Freeze
The act further adds new security standards for entities handling D.C.’s resident personal information and requires a report to the D.C. Attorney General if 50+ D.C. residents are affected by a breach. Moreover, the act requires entities to provide consumers free identity theft protection for a minimum of eighteen months if a data breach involves social security numbers or taxpayer identification numbers. Entities who suffer a breach and violate any provision of the amended law must then pay $1,500 per violation to the consumer.
The law is projected to take effect by June 13th, 2020.
Are you a D.C. resident with questions regarding your rights in the event of a data breach event?
If so, we would like to hear from you. Please complete the contact form on this page, send us an email at [email protected], or give us a call at (202) 470-3520.
Committed to Consumer Protection
The lawyers at Migliaccio & Rathod LLP have years of experience in class action litigation against large corporations, including in cases involving data privacy. More information about our current cases and investigations is available on our blog.