New Washington D.C. Data Breach Notification Law Takes Effect

HIPAA Journal

On May 19, 2020, legislative changes to the Washington D.C. data breach notification law took effect. The changes were introduced in March and significantly updated existing breach notification requirements. There has been a major expansion of data classified as personal information that warrants breach notifications if subjected to unauthorized access and new data security requirements have been introduced.

Prior to the change, notifications were required if personal information such as names, phone numbers, and addresses were exposed in combination with a Social Security number, driver’s license number, DC ID card, or credit/debit card number or if numbers and codes were breached that allowed credit or finance accounts to be accessed.

The change has seen several other data elements added to the list. Breach notifications are now required if any of the following data is breached, even in the absence of a name if the data could be used for identity theft:

Medical information

Health insurance information

Genetic data and DNA profiles...

Get the Morning Update

Thanks for subscribing!