District of Columbia Introduces Legislation on Data Privacy

District of Columbia Introduces Legislation on Data Privacy

New proposal creates stricter safeguards against data breaches, protects more private consumer information and enhances data security and reporting requirements.

  • By Sydny Shepard
  • Mar 26, 2019

District of Columbia Attorney General Karl A. Racine has introduced the Security Breach Protection Amendment Act of 2019, which would modernize the District's data breach law and strengthen protections for residents' personal information. 

Racine introduced the bill in response to the major data breaches that have put tens of millions of consumers, and hundreds of thousands of District residents, at risk of identity theft and other types of fraud, according to a press release.

The new legislation would expand legal protections to cover additional types of personal information, require companies that deal with personal information to implement safeguards, include additional reporting requirements for companies that suffer a data breach, and require companies that expose consumers' social security numbers to offer two years of free identity theft protection.

"Data breaches and identity theft continue to pose major threats to District residents and consumers worldwide," Racine said. "The District's current data security law does not adequately protect residents. Today's amendment will bolster the District's ability to hold companies responsible when they collect and use vast amounts of consumer data and do not protect it."

The Security Breach Protection Amendment Act of 2019, reintroduced today in the D.C. Council, strengthens District law by: 

  • Holding companies accountable for safeguarding a broader range of private information: In addition to covering social security numbers, driver’s license numbers, and credit or debit card numbers, the new proposed definition for “personal information” would also require companies to protect passport numbers, taxpayer identification numbers, military ID numbers, health information, biometric data, genetic information and DNA profiles, and health insurance information. This expanded definition takes into account new security and authentication practices and would better protect residents against identity theft. 
  • Creating security requirements for companies that handle personal information: The proposal requires companies that own, license, maintain, handle, or otherwise possess personal information to implement and maintain security safeguards against unauthorized access or use of data. 
  • Requiring companies to provide identity theft protection if they expose Social Security numbers: Companies that expose Social Security or tax identification numbers as part of a data breach would be required to provide affected District consumers with two years of free identity theft prevention services. 
  • Requiring companies to inform consumers of their rights when a data breach occurs: If a data breach occurs, companies would be required to inform consumers of their right under federal law to obtain a security freeze at no cost and information how to obtain such a freeze.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

  • Ransomware Attacks Rise for the First Time in Six Months

    Ransomware attacks have risen for the first time in six months, increasing by 28% month-on-month to 421 attacks. While overall attack volume remained below 500, the uptick may signal a renewed escalation heading into the year’s most active period for cyber criminals. Read Now

  • Report: 47 Percent of Security Service Providers Are Not Yet Using AI or Automation Tools

    Trackforce, a provider of security workforce management platforms, today announced the launch of its 2025 Physical Security Operations Benchmark Report, an industry-first study that benchmarks both private security service providers and corporate security teams side by side. Based on a survey of over 300 security professionals across the globe, the report provides a comprehensive look at the state of physical security operations. Read Now

    • Guard Services

  • Identity Governance at the Crossroads of Complexity and Scale

    Modern enterprises are grappling with an increasing number of identities, both human and machine, across an ever-growing number of systems. They must also deal with increased operational demands, including faster onboarding, more scalable models, and tighter security enforcement. Navigating these ever-growing challenges with speed and accuracy requires a new approach to identity governance that is built for the future enterprise. Read Now

  • Eagle Eye Networks Launches AI Camera Gun Detection

    Eagle Eye Networks, a provider of cloud video surveillance, recently introduced Eagle Eye Gun Detection, a new layer of protection for schools and businesses that works with existing security cameras and infrastructure. Eagle Eye Networks is the first to build gun detection into its platform. Read Now

  • Report: AI is Supercharging Old-School Cybercriminal Tactics

    AI isn’t just transforming how we work. It’s reshaping how cybercriminals attack, with threat actors exploiting AI to mass produce malicious code loaders, steal browser credentials and accelerate cloud attacks, according to a new report from Elastic. Read Now

Most   Popular

New Products

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities