Washington Enacts Data Security Law

April 9, 2010

In our current age where technology reigns supreme and both credit card and insurance companies are designing apps for iPhones and smartphones to help protect consumers and capture business, who is guarding our information? In Washington, the government is…well, sort of.

According to the reports over the net, Governor Christine Gregoire of Washington signed into law this week, legislation that requires financial institutions to comply with existing data security recommendations, or face potential liability if there should be a data breach.

According to the tect of the bill, HB 1149:

“Protecting Consumers from Breaches of Security,” the state recognizes that breaches of credit and debit card information can contribute to identity theft and fraud, and can be costly to consumers. “The legislature also recognizes that when a breach occurs, remedial measures such as re-issuance of credit or debit cards affected by the breach can help to reduce the incidence of identity theft and associated costs to consumers,” the bill text states. Consequently, the new law encourages the re-issuance of credit and debit cards, when appropriate, and allows financial institutions to recoup data breach costs associated with the the re-issuance from large businesses and card processors who are “negligent in maintaining or transmitting card data.”

If a business or data processor doesn’t take “reasonable care” to prevent data breaches, it can be liable to the financial institution for “reimbursement of reasonable costs,” even if no physical injuries occur. Further, a financial institution can ALSO recover attorneys fees and costs of legal action, so long as they are not excessive.

The law will take effect on July 1, 2010.