Legislation watch

Search all years.

2019 House Bill 4187: Expand data breach response requirements
Introduced by Rep. Diana Farrington (R) on February 14, 2019
To establish detailed rules for personal information data breaches that create a substantial risk of identity theft or fraud, including notice requirements, reporting requirements, guidelines and more for businesses, associations and state agencies. Among other things the bill would distinguish between breaches that permit an outsider to gain access to an online account, versus breaches that expose sensitive personally identifying information. The bill authorizes $5,000-per-day civil penalties for noncompliance, up to a maximum of $250,000.   Official Text and Analysis.
Referred to the House Financial Services Committee on February 14, 2019
Reported in the House on March 13, 2019
Refer to the committee on Ways and means.
Referred to the House Ways and Means Committee on March 13, 2019
Reported in the House on December 10, 2019
Without amendment and with the recommendation that the bill pass.
Received in the Senate on September 9, 2020
Referred to the Senate Regulatory Reform Committee on September 9, 2020
Reported in the Senate on December 3, 2020
With the recommendation that the substitute (S-1) be adopted and that the bill then pass.
To establish detailed rules for personal information data breaches that create a substantial risk of identity theft or fraud, including notice requirements, reporting requirements, guidelines and more for businesses, associations and state agencies. Among other things the bill would distinguish between breaches that permit an outsider to gain access to an online account, versus breaches that expose sensitive personally identifying information. The bill authorizes $5,000-per-day civil penalties for noncompliance, up to a maximum of $750,000.
Received in the House on December 16, 2020
To concur with the Senate-passed version of the bill.

Comments