Washington Amends Security Breach Provisions

Washington has modified its provisions regarding security breaches of personal information. These provisions are effective as of March 1, 2020.

Personal Information

The previous version of the provision stated that organizations affected by a breach had to notify their customers only after a hacker obtained the consumer’s name in combination with any of the following elements of personal information: 1) social security numbers; 2) driver’s license numbers; 3) state ID numbers; or 4) financial account information.

Under the new provision, the list of personal information types has been expanded to include: 1) full birth dates; 2) health insurance ID numbers; 3) medical history; 4) student ID numbers; 5) military ID numbers; 6) passport ID numbers; 7) usernames and passwords; 8) biometric data, such as DNA profiles and fingerprints; and 9) electronic signatures.

Notification to the Attorney General

Under the previous version of the provision, the affected organization was required to notify the Attorney General within forty-five days of a breach. This time frame has been reduced to thirty days.

Method of Notification

A new provision adds that if a breach involves a consumer’s username or password, an organization may provide notice to the consumer via email. The notice must inform the affected consumer that he or she should promptly change his or her email password and security question or answer, and take any other appropriate steps to protect the online account.

Content of Notification

Another added provision requires that an organization provide to an affected consumer a time frame of exposure of the breached personal information, if known, including the date of the breach and the date the breach was discovered.

For the full text of House Bill 1071, please refer to http://lawfilesext.leg.wa.gov/biennium/2019-20/Pdf/Bills/House%20Passed%20Legislature/1071-S.PL.pdf

Elizabeth Dailey, JD, is a Regulatory Compliance Director with CLA. She is a graduate of the University of New Hampshire and earned her juris doctor at New England Law. She is admitted to the Massachusetts Bar.