New Washington D.C. Data Breach Notification Law Takes Effect
On May 19, 2020, legislative changes to the Washington D.C. data breach notification law took effect. The changes were introduced in March and significantly updated existing breach notification requirements. There has been a major expansion of data classified as personal information that warrants breach notifications if subjected to unauthorized access and new data security requirements have been introduced.
Prior to the change, notifications were required if personal information such as names, phone numbers, and addresses were exposed in combination with a Social Security number, driver’s license number, DC ID card, or credit/debit card number or if numbers and codes were breached that allowed credit or finance accounts to be accessed.
The change has seen several other data elements added to the list. Breach notifications are now required if any of the following data is breached, even in the absence of a name if the data could be used for identity theft:
Health insurance information
Genetic data and DNA profiles...