D.C. Council Passes Data Security Bill

March 4, 2020

D.C. Council Voted to Modernize Consumer Protections Against Data Breaches, Enhance Security and Reporting Requirements for Companies

The District of Columbia has passed the Security Breach Protection Amendment Act of 2019. Last March, the Office of the Attorney General (OAG) introduced the legislation to modernize the District’s existing data breach law and strengthen protections for residents’ personal information. The Council passed the bill unanimously.

“Thanks to Chairman Mendelson and the entire Council for putting residents’ privacy and security front and center,” said Attorney General Karl A. Racine. “This law brings the District of Columbia into the vanguard of state and local governments that have required companies collecting vast amounts of personal information to take appropriate precautions that safeguard consumers’ health, financial, and other data. And because laws without enforcement and accountability are toothless, OAG’s Security Breach Protection Amendment Act strengthens the District’s ability to hold companies responsible if they fail to implement reasonable protections for D.C. residents.”

A data breach occurs when sensitive or confidential information is intentionally or accidentally released by a company or an individual. These releases of information may happen because of lax security or as a result of hacking or cyber-attacks. Data breaches often result in the public disclosure of personally identifiable information like names, addresses, and phone numbers, or financial information, like bank and credit card details. Recent years have seen some of the largest and most serious data breaches in history, including the Equifax breach, which exposed the personal information of over 143 million people, including nearly 350,000 District residents.

The new legislation expands legal protections to cover additional types of personal information from identity theft and fraud, requires companies that deal with personal information to implement safeguards, includes additional reporting requirements for companies that suffer a data breach, and requires companies that expose consumers’ social security numbers to offer 18 months of free identity theft protection.

Terms of Use | Copyright © 2002 - 2020 CONSTITUENTWORKS SM  CORPORATION. All rights reserved. | Privacy Statement