A group of North Carolina representatives introduced a bill to revamp the state’s Identity Theft Protection Act, according to a post from Wyrick Robbins. The proposed bill would require organizations to notify affected individuals of a breach “as soon as practicable, but not later than thirty days after discovery” of the incident. The new notification standard would match Florida and Colorado for the strictest in the country. The rules would expand the definition of a security breach to include situations where data is only accessed, rather than having to be accessed and acquired. The definition of personal information under state law would be expanded to include insurance identifiers and medical history data, according to the report.
If you want to comment on this post, you need to login.