District of Columbia Introduces Legislation on Data Privacy

District of Columbia Introduces Legislation on Data Privacy

New proposal creates stricter safeguards against data breaches, protects more private consumer information and enhances data security and reporting requirements.

District of Columbia Attorney General Karl A. Racine has introduced the Security Breach Protection Amendment Act of 2019, which would modernize the District's data breach law and strengthen protections for residents' personal information. 

Racine introduced the bill in response to the major data breaches that have put tens of millions of consumers, and hundreds of thousands of District residents, at risk of identity theft and other types of fraud, according to a press release.

The new legislation would expand legal protections to cover additional types of personal information, require companies that deal with personal information to implement safeguards, include additional reporting requirements for companies that suffer a data breach, and require companies that expose consumers' social security numbers to offer two years of free identity theft protection.

"Data breaches and identity theft continue to pose major threats to District residents and consumers worldwide," Racine said. "The District's current data security law does not adequately protect residents. Today's amendment will bolster the District's ability to hold companies responsible when they collect and use vast amounts of consumer data and do not protect it."

The Security Breach Protection Amendment Act of 2019, reintroduced today in the D.C. Council, strengthens District law by: 

  • Holding companies accountable for safeguarding a broader range of private information: In addition to covering social security numbers, driver’s license numbers, and credit or debit card numbers, the new proposed definition for “personal information” would also require companies to protect passport numbers, taxpayer identification numbers, military ID numbers, health information, biometric data, genetic information and DNA profiles, and health insurance information. This expanded definition takes into account new security and authentication practices and would better protect residents against identity theft. 
  • Creating security requirements for companies that handle personal information: The proposal requires companies that own, license, maintain, handle, or otherwise possess personal information to implement and maintain security safeguards against unauthorized access or use of data. 
  • Requiring companies to provide identity theft protection if they expose Social Security numbers: Companies that expose Social Security or tax identification numbers as part of a data breach would be required to provide affected District consumers with two years of free identity theft prevention services. 
  • Requiring companies to inform consumers of their rights when a data breach occurs: If a data breach occurs, companies would be required to inform consumers of their right under federal law to obtain a security freeze at no cost and information how to obtain such a freeze.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Live From ISC West: Day 2 Recap

    If it’s even possible, Day 2 of ISC West in Las Vegas, Nevada, was even busier than the first. Remember to keep tabs on our Live From ISC West page for news and updates from the show floor at the Venetian, because there’s more news coming out than anyone could be expected to keep track of. Our Live From sponsors—NAPCO Security, Alibi Security, Vistacom, RGB Spectrum, and DoorKing—kept the momentum from Day 1 going with packed booths, happy hours, giveaways, product demonstrations, and more. Read Now

    • Industry Events
    • ISC West
  • Visiting Sin City

    I’m a recovering alcoholic, ten years sober this June. I almost wrote “recovered alcoholic,” because it’s a problem I’ve long since put to bed in every practical sense. But anyone who’s dealt with addiction knows that that part of your brain never goes away. You just learn to tell the difference between that insidious voice in your head and your actual internal monologue, and you get better at telling the other guy to shut up. Read Now

  • On My Way Out the Door

    To answer that one question I always get, at every booth visit, I have seen amazing product technology, solutions and above all else, the people that make it all work. Read Now

    • Industry Events
    • ISC West
  • Return to Form

    My first security trade show was in 2021. At the time, I was awed by the sheer magnitude of the event and the spectacle of products on display. But this was the first major trade show coming out of the pandemic, and the only commentary I heard was how low the attendance was. Two representatives from one booth even spent the last morning playing catch in the aisle with their giveaway stress balls. Read Now

    • Industry Events
    • ISC West

Featured Cybersecurity

New Products

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its pdk.io software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3

  • Tyco Kantech EntraPass security management software

    Tyco Kantech EntraPass security management software

    Johnson Controls, the global leader in smart, healthy and sustainable buildings, and architect of the Open Blue digital connected platforms, has released the newest version of the Tyco Kantech EntraPass security management software. 3

  • Unique Oversized ID Card Printer

    Unique Oversized ID Card Printer

    Idesco Corp. is announcing its card printer – the XCR100 2.0 printer- that allows customers to personalize oversized ID cards on demand. The printer is ideal for assisting healthcare organizations find the right badging solution. As healthcare facilities continue to combat the spread of COVID-19, issuing oversized ID cards has helped identify staff clearly while adding an extra layer of security. The XCR100 2.0 printer is the only dye-sublimation printer on the market that can personalize CR100 cards (3.88" x 2.63"). The cards that are 42% larger than the standard credit card size. The printer can produce up to 180 full cards per hour in color, and up to 1,400 cards per hour in monochrome. An optional flipper is available to print dual-sided badges in one pass. Contactless encoding comes as an option to help healthcare facilities produce secure access badges on demand and the card printer features a 2-year warranty. 3