In a newsletter sent out earlier today, the Washington State Attorney General’s office calls for a new data breach notification law for the State of Washington. Several points are raised in the newsletter, but the one that got my attention was the call for an end to the blanket notification exemption for encrypted data. Will this be a new trend?
What do you think?
Here are the key points from the newsletter:
The proposed legislation strengthens Washington’s data breach notification law by:
– Eliminating the blanket exemption for encrypted data;
– Requiring consumer notification as immediately as possible and no later than 30 days whenever personal information is likely compromised;
– Requiring that the Attorney General be notified within 30 days when a data breach occurs at a business, non-profit or public agency, enabling the Attorney General to compile centralized information about data breaches for law enforcement and consumers; and
– Requiring businesses, non-profits and agencies, when reporting a breach, to provide consumers with basic information they can use to help secure or recover their identities.
(disclosure – sorry for formatting errors, blogged from iPad in Starbucks!)