HB 1071 and Your Business

Contact Us for Your Free Quote!
Newsletter Sign Up

Get the latest industry tips and offers.

  • This field is for validation purposes and should be left unchanged.

Regulations book. Law, rules and regulations concept. 3d illustration Unlike several European countries, the United States does not have a federal data privacy law. However, of a federal regulation, several states including Washington have recently passed data breach notification laws. In this blog, we answer questions about HB 1071 to help you understand how it may impact your business.

Q: What is HB 1071?

A: HB 1071 is a bill passed by the Washington State Legislature in on April 22, 2019. The law is intended to strengthen the state’s data breach notification law. Previously, “personal information” was limited to an individual’s name, social security number, driver’s license number, and any information that would permit access to an individual’s financial account.

HB 1071 expands the definition of “personal information” to include:

  • full date of birth
  • student, military or personal identification number
  • health insurance policy number or insurance identification number
  • certain medical history information
  • certain biometric data
  • username, password, email address, security questions

Washington businesses must notify the Attorney General if Washington residents are impacted by a data breach.

Q: When does HB 1071 take effect?

A: Washington’s data breach notification law takes effect on March 20, 2020.

Q: Who enforces HB 1071?

A: Washington State’s Office of the Attorney General is responsible for enforcing HB 1071.

Q: Under the law, when do I have to notify the Attorney General of a data breach?

A: If a breach affects 500 or more Washington residents, covered entities must notify each resident and the Attorney General within 30 days of the breach. Previously, the notification time was 45 days.

Q: What do I need to include in a data breach notification?

A: You must include the following information when notifying the Attorney General of a data breach:

  • the number of residents affected
  • the date of the breach
  • the date of the breach discovery
  • a summary of steps taken to remediate the breach
  • a copy of the breach notice sent to affected individuals

Q: How Do I Comply with HB 1071?

A: Make sure to have data breach prevention policies and procedures in place. A records and information management provider specializing in security and compliance can assess your risk profile and offer helpful resources for complying with HB 1071.

For more information on how to reduce your data breach exposure and comply with state and federal privacy regulations, please call us at 509-586-6090 or complete on this page.