Wyoming Amends Data Breach Statute, Increases Scope of PII and see
The scope of PII and knowledge breach notice got a great deal bigger in Big Wyoming.
Wyoming Governor Matt Mead signed two bills into law on March 2 amending the state’s data breach notification statute. The debts – S.F. 35 and S.F. 36 – broaden the phrase personal identifiable information (“PII”) and mandate covered organizations include more information concerning the breach whenever notice to affected people is needed.
The amendments, which are into effect This summer 1, 2015, make significant modifications to Wyoming’s data breach notification statute. For example, S.F. 35 now necessitates that notice be “clear and consistent” and can include at least:
- A toll-free number for consumers to contact the business;
- The types of PII reasonably believed affected;
- A general description of the breach;
- The approximate date of the breach, if known;
- The business’ general actions taken to guard against further breach;
- Advice directing affected persons to remain vigilant by reviewing account statements and monitoring credit reports; and
- Whether the notification was delayed due to a law enforcement investigation.
Furthermore, S.F. 36 enlarges the phrase PII underneath the statute to comprise data that consists of the name or first initial and surname of the person in conjunction with a number of the next elements:
- A Social Security or driver’s license number;
- An account, credit card or debit card number in combination with any required code or password;
- A tribal, or Federal- or state-government issued identification card;
- Shared login secrets or security tokens known to be used for data based authentication;
- A username or email address, in combination with a required password or security question and answer;
- A birth or marriage certificate;
- Medical information (i.e. medical history, mental or physical condition, or medical treatment or diagnosis);
- Health insurance information;
- Unique biometric information; or
- An individual taxpayer identification number.
The swift introduction and passage of Wyoming’s amendments show that data security is a hot –and non-controversial – topic in legislatures across the country, and remains one policy area where Democrats and Republicans are able to bridge their partisan divide.
The governor’s signing from the bills adopted the Wyoming legislature’s final approval from the amendments on Feb 23. The quick introduction and passage from the S.F. 35 and S.F. 36 reveal that data security is really a hot subject in legislatures across the nation, and stays one policy area where Democrats and Republicans can bridge their partisan divide. Indeed, numerous data breach bills happen to be introduced at both national and condition levels throughout the 2015 legislative sessions. Hardly a big surprise, because of the high attention that data breaches received in media in the last year cheap data breach notice isn’t politically questionable.
Yet in growing the scope of PII, the amendments will raise the frequency that companies will need to inform consumers of breaches for their information, which will increase affected businesses’ compliance costs.
It’s still relatively at the start of the legislative calendar, so it’s unclear the number of more states follows Wyoming’s lead modify their data breach laws. It’s also uncertain whether the data breach notification bills presently pending in Congress will gain traction and be law. However, it’s a comparatively victorious one that data breach bills is constantly attract legislators’ attention through out 2015’s legislative sessions.