News Alert: WA & OR Data Breach Notification Laws (Updated)

News alert! Wa and or data breach notification laws (update)

Washington State’s new Data Breach Notification law goes into effect Friday, July 24th, and Oregon’s new law goes into effect January 1. The revisions to these laws highlight the need for companies to be prepared to deliver a swift and accurate response to any data breach.

These are complex requirements, and mistakes made in violations of these laws will open the door to litigation.

 

Washington’s new Data Breach Notification law strengthens the old law in several ways:

  • The law now applies to paper records as well as computerized records;
  • There is a hard deadline to report large breaches within 45 days of discovery;
  • Breach notification letters must be in plain language and contain details of the breach;
  • Revises what it means for data to be considered “encrypted” or “secured;”
  • Adds requirements to send notices of large breaches to the State Attorney General;
  • and Gives the State Attorney General the right to bring a claim.

Similarly, the changes to Oregon’s new version of the Consumer Identity Theft Protection Act include:

  • Expanded definition of “personal information” to include biometric data such as fingerprints and medical information;
  • Companies must notify the Attorney General if the breach includes over 250 Oregon residents;
  • Gives the State Attorney General power to bring an action under the Unlawful Trade Practice Act.

Insurance coverage is an important part of any organization’s preparation. A good insurance company will have the right personnel at the fingertips of its policyholders, from a “breach coach,” to legal advisors, to public relations and forensic experts, to notification services.

When you only have 45-days for notification, time is extremely valuable. Why waste it trying to put a response team together when it could be spent solving the problem at-hand. If you have Cyber Insurance, your team has already been assembled.

Source: RCW 19.255.010-020 and 42.56.590 and ORS 646A.604.  

Click to read the Riddell Williams post on this topic