A data security legislative proposal titled “Security Breach Protection Amendment Act of 2019” has been introduced by D.C. Attorney General Karl Racine on March 21, in response to major breaches of personal data.
The bill urges strengthening privacy and enhancing legal security protections around personal information.
Aiming to prevent data leaks, the bill resembles the legislation being considered in New Jersey which also calls for notification in case of breach of personal information.
If passed, the bill would broaden the definition of personal information in D.C. more than in New Jersey. The scope of “personal information” in the new legislation would include passport numbers, taxpayer identification numbers, military ID numbers, health information, biometric data, DNA profiles, and health insurance information.
Under the new bill, the businesses experiencing data leak will be required to include specific points in the notifications to their customers such as categories of information involved in the breach, contact information for the person making the notification, and credit reporting agencies, the FTC, and the D.C. Attorney General.
The bill would also mandate businesses to offer two years of free identity theft protection if the breach involves Social Security numbers.
Companies handling personal information would be forced to implement reasonable safeguards to protect that data. All these changes would add D.C. in the group of states like California, Colorado, and Massachusetts where such bills are also being considered for increased digital data security.