Democratic District of Columbia Attorney General Karl Racine introduced legislation to the D.C. Council yesterday that aims to strengthen data breach protections for consumers.
The legislation, the Security Breach Protection Amendment Act of 2019, looks to expand both the scope of personal information covered by existing data breach protection laws and the disclosure requirements for companies that have been breached.
The expanded conditions proposed in the bill include creating clearer timeframes for companies to report breaches, requiring companies to issue written notice of breaches, and specifying the security requirements for the protection of personal information.
The bill also indicates that violating the requirements for protecting personal information would be an unlawful trade practice, and that companies will have to provide two years of identity theft prevention services if they face a breach that result in the compromise of Social Security or tax identification information.