Insights

WA State Updates - 2015 Jan 11 No.01


On April 23, 2015, Gov. Inslee signed HB 1078 into law, amending RCW 19.255.010 and 42.56.590 and creating a new section. The purpose of the law is to better safeguard personal information, prevent identity theft and ensure that the attorney general receives notification when breaches occur so appropriate action may be taken to protect consumers.

Employers must notify of a breach of personal information within 45 calendar days after discovering the security breach and include specific content in notifications for Washington residents.

The notice must meet the following minimum requirements:

Is written in plain language

Includes the name and contact information of the reporting person or business or agency

Lists the type of personal information breached

Includes toll-free telephone numbers to major credit reporting agencies if the breach exposed personal information.

The law states that employers must issue a copy of the notice (excluding any personally identifiable information) to the Washington Attorney General's office if the security breach affects more than 500 Washington employees, applicants or other persons residing in Washington. They must also provide the number of Washington consumers affected by the breach, or an estimate if the exact number is not known.

The Washington Attorney General can sue employers that violate security breach notification provisions.

The law was effective July 24, 2015.

HB 1078 »