July 2015 Bar Bulletin
Skip Navigation Links
CLE / Education
For Lawyers
Legal Help
Special Programs
MyKCBA Login

July 2015 Bar Bulletin

Washington's Amended Data Breach Notification Law

By Olivia Gonzalez


Is Your Business in Compliance?

Given the proliferation of high-profile data security breaches, 2014 was deemed the "year of the data breach" by various news and media sources.1

Mega-retailers such as eBay, Target and Home Depot were victims of sophisticated cyberattacks leading to the disclosure of millions of consumers' personal information. But large retail chains and financial institutions are not the only entities at risk; small businesses are just as vulnerable to large-scale security breaches of their information technology (IT) systems.

Consider the following scenarios:

  • A week after terminating the manager at your main office, you learn that before leaving, she saved hundreds of confidential files containing customer information to her personal laptop. Disgruntled at having been terminated, albeit for cause, the former manager threatens to disseminate the private information she misappropriated.
  • A current employee borrows a company laptop for a business trip to California. The computer is loaded with confidential client files, including files belonging to Washington clients, and employee payroll records. After going through security and before boarding the plane, she misplaces the laptop. Two weeks later, the computer is mailed to your home office stripped of its contents. It was not password protected.
  • Cyber attackers executed an attack on your company's IT system. Although your in-house technology team is working on securing the network and "fixing" the problem, the situation has yet to be contained. An ongoing investigation confirms that customer information, and maybe even employee information, has been accessed or stolen.

Each of these scenarios may trigger a business's duty to inform clients, consumers and employees of a data breach under RCW 19.255.010, Washington's data breach notification law. The law requires any person or business that conducts business in Washington to disclose unauthorized disclosure of "personal information" (PI). PI is an individual's first name or first initial and last name in combination with their: (1) Social Security number, (2) driver's license or Washington state identification card number, or (3) account, credit or debit card number along with the required security code or password.2

...login to read the rest of this article.

Return to Bar Bulletin Home Page

KCBA Twitter Logo KCBA Facebook Logo KCBA LinkedIn Logo KCBA Email Logo

King County Bar Association
1200 5th Ave, Suite 700
Seattle, WA 98101
Main (206) 267-7100
Fax (206) 267-7099

King County Bar Foundation Home Page

Charitable Arm of the Bar

Jewels Page

Pillars of the Bar Page

All rights reserved. All the content of this web site is copyrighted and may be reproduced in any form including digital and print
for any non-commercial purpose so long as this notice remains visible and attached hereto. View full Disclaimer.