Washington Creates Data Security Law

April 8, 2010

Washington Gov. Christine Gregoire has signed legislation into law that encourages financial institutions to comply wtih that data security requirements — or face potential liability if a data breach occurs.

According to bill text of HB 1149, “Protecting Consumers from Breaches of Security,” the state recognizes that breaches of credit and debit card information can contribute to identity theft and fraud, and can be costly to consumers. “The legislature also recognizes that when a breach occurs, remedial measures such as re-issuance of credit or debit cards affected by the breach can help to reduce the incidence of identity theft and associated costs to consumers,” the bill text states. Consequently, the new law encourages the re-issuance of credit and debit cards, when appropriate, and allows financial institutions to recoup data breach costs associated with the the re-issuance from large businesses and card processors who are “negligent in maintaining or transmitting card data.”

If a processor or business fails to take reasonable care to guard against a data breach, it is liable to the financial instituation for reimbursment of reasonable costs related to the card reissuance, even if there is no physical injury, the bill states. Furthermore, a financial institution also can recover reasonable attorney fees and costs in connection with the legal action.

The law will take effect on July 1, 2010.

Source: Washington Legislature

Was this article valuable?

Here are more articles you may enjoy.