|Notice of Security Breeches (Designated by Statutory Number)|
|CITATION||Wash. Rev. Code § 19.255.010, 42.56.590|
RCW 42.56.590 applies to state agencies that own or license computerized data that includes personal information. RCW 19.255.010 applies to any person or business that conducts business in the State of Washington and owns or licenses computerized data that includes personal information. Under both, if there is a breach of the security of a system, there is an obligation to notify the individuals whose personal information was involved.
However, a person or business under this law is not be required to disclose a technical breach of the security system that does not seem reasonably likely to subject customers to a risk of criminal activity.
The laws cover ‘Personal Information’ which is defined as an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted:
|INDUSTRY||Any person or business that conducts business in WA and owns or licenses computerized data that includes PI or maintains such data.|
Any customer injured by a violation of this law may institute a civil action to recover damages.
A court may grant an injunction against any business that violates, proposes to violate, or has violated this section.