The District of Columbia Attorney General, Karl A. Racine, announced on 21 March 2019, that he had introduced a bill for the Security Breach Protection Amendment Act of 2019 ('the Bill'). In particular, the Bill would modernise the state’s data breach law by, among other things, holding companies accountable for safeguarding a broader range of personal information, creating security requirements for companies that handle personal information, requiring companies to provide identity theft protection if they expose social security numbers, and requiring companies to inform consumers of their rights when a data breach occurs. You can read the press release here, and the bill here. UPDATE (16 Ma
News
District of Columbia: AG introduces bill amending data breach law
March 22, 2019
Summary
The District of Columbia Attorney General, Karl A. Racine, introduced the Security Breach Protection Amendment Act of 2019 to update the state's data breach law. The bill expands the definition of personal information, establishes security requirements for companies handling such information, mandates identity theft protection for exposed social security numbers, and obligates companies to inform consumers about their rights post-breach. The bill was sent to the Mayor on 13 March 2020 for consideration, with a response due by 27 March 2020.