February 21, 2020

February 20, 2020

Subscribe to Latest Legal News and Analysis

February 19, 2020

Subscribe to Latest Legal News and Analysis

February 18, 2020

Subscribe to Latest Legal News and Analysis

Washington’s Breach Law Amended, Effective March 2020

Washington joins Massachusetts as the second state this year to amend its data breach notification law. The amendments will not take effect, however, until March 1, 2020. As amended, the definition of personal information has been expanded to include name and date of birth, making Washington only the second state (North Dakota being the other) with this element in its law. Also included are name and student and military ID number, passport number; name and health insurance numbers or medical information; and name and biometric information. Also included in the definition of personal information are now login credentials.

In addition to expanding the definition of personal information, the law will also require notification to impacted individuals and the attorney general (if move than 500 residents have been impacted) by 30 days, rather than the current 45. When providing notice, companies will also need to explain the “time frame of exposure,” in addition to existing content requirements (like the types of information impacted).

Putting it Into Practice: Companies will have time before the Washington amendment goes into effect, but should keep in mind that beginning next year the scope of personal information has been broadened in Washington, and that the time frame for notification will be shortened to 30 days.

Copyright © 2020, Sheppard Mullin Richter & Hampton LLP.


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...