October 20, 2021

Volume XI, Number 293

Advertisement
Advertisement

October 19, 2021

Subscribe to Latest Legal News and Analysis

October 18, 2021

Subscribe to Latest Legal News and Analysis

Virginia Updates its Data Breach Notification Law to Include Tax Preparers

For the second consecutive year Virginia has amended its data breach notification law. In March 2017, in light of a warning issued by the IRS to all employers regarding the resurgence of a W-2 based cyber scam, Virginia Governor Terry McAuliffe approved, a first of its kind, amendment to Virginia’s data breach notification statute. The amendmentrequired employers and payroll service providers to notify the Virginia Office of the Attorney General of “unauthorized access and acquisition of unencrypted computerized data containing a taxpayer identification number in combination with the income tax withheld for an individual”. Now, Virginia has again amended it’s data breach notification law. This amendment requires any income tax return preparer who has primary responsibility for accuracy of the preparation of a return or claim for refund (“signing income tax return preparer”) and who prepares Virginia individual income tax returns during a calendar year to notify Virginia’s Department of Taxation, without unreasonable delay, if they discover or are notified of a breach of “return information”. The new amendment, HB 183, will come into effect July 1, 2018.

Under the new amendment, “return information” is defined as “a taxpayer’s identity and the nature, source, or amount of his income, payments, receipts, deductions, exemptions, credits, assets, liabilities, net worth, tax liability, tax withheld, assessments, or tax payments.”

A signing income tax preparer required to notify the Department of Taxation of a breach must include:

  • names of affected taxpayers;
  • taxpayer identification numbers of affected taxpayers;
  • the name of the signed income tax preparer;
  • the tax preparer’s tax identification number; and
  • such other information as the Department of Taxation may prescribe.

Virginia continues a growing trend of states that have enacted or strengthened their data breach notification laws, of late. 

Jackson Lewis P.C. © 2021National Law Review, Volume VIII, Number 179
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Principal

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm's Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and...

973- 538-6890
Jason C. Gavejian, Employment Attorney, Jackson Lewis, Principal, Restrictive Covenants Lawyer
Principal

Jason C. Gavejian is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. and a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

Mr. Gavejian represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination and wage and hour claims in both federal and state courts. Additionally, Mr. Gavejian regularly appears before administrative agencies,...

(973) 538-6890
Attorney

Maya Atrakchi is the Knowledge Management (“KM”) Attorney for Jackson Lewis P.C.’s Privacy, e-Communication and Data Security and International Employment Issues Practice Groups, and is based in the New York City, New York, office of Jackson Lewis P.C.

212-545-4000
Advertisement
Advertisement
Advertisement