|
HOUSE OF REPRESENTATIVES |
H.B. NO. |
678 |
|
TWENTY-SIXTH LEGISLATURE, 2011 |
H.D. 1 |
|
|
STATE OF HAWAII |
|
|
|
|
|
|
|
|
||
|
|
||
A BILL FOR AN ACT
RELATING TO INFORMATION.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:
SECTION 1. Chapter 487N, Hawaii Revised Statutes, is amended by adding a new section to be appropriately designated and to read as follows:
"§487N- Duty to pay for credit monitoring reports. (a) Any government agency responsible for a security breach that may result in a crime being committed under section 708-839.6, 708-839.7, or 708-839.8 shall be liable for the costs of providing each person whose personal information was disclosed with, at a minimum, a three-year subscription to a nationwide consumer reporting agency's services.
(b) No later than seven calendar days after a government agency provides notice of the security breach, the government agency responsible for the security breach shall provide each person with a choice of not less than two nationwide consumer reporting agencies from which the person may select to subscribe. The person, if the person so chooses, shall select a nationwide consumer reporting agency and the credit monitoring and reporting services that the person requires and shall inform the responsible government agency of the person's selection. If a person elects not to subscribe to any credit monitoring and reporting services offered by a nationwide consumer reporting agency, the person shall notify the responsible government agency in writing of the person's choice to not subscribe to any credit monitoring or reporting services. The government agency responsible for the security breach shall keep a record of each person's credit monitoring and reporting services selection, or election to not subscribe to those services, for at least five years after the receipt by the government agency of a person's selection or election under this subsection.
(c) The responsible government agency shall enroll the person into the credit monitoring and reporting plan of the person's choice within seven calendar days of receipt of the person's selection made under subsection (b) and shall pay all costs associated with the three-year subscription to the selected nationwide consumer reporting agency's services.
(d) The office of consumer protection may adopt rules in accordance with chapter 91 to effectuate this section."
SECTION 2. Section 487N-1, Hawaii Revised Statutes, is amended as follows:
1. By adding a new definition to be appropriately inserted and to read:
""Nationwide consumer reporting agency" means a consumer reporting agency, as defined in 15 United States Code Section 1681a(p), that compiles and maintains files on consumers on a nationwide basis."
2. By amending the definition of "security breach" to read:
""Security breach" [means an]:
(1) Means:
(A) An incident of unauthorized
access to and acquisition of unencrypted or unredacted records or data
containing personal information where illegal use of the personal information
has occurred, or is reasonably likely to occur and that creates a risk of harm
to a person[.];
(B) Any incident of unauthorized access
to and acquisition of encrypted records or data containing personal information
along with the confidential process or key [constitutes a security breach.
Good]; and
(C) Any incident of inadvertent, unauthorized disclosure of unencrypted or unredacted records or data containing personal information;
and
(2) Does not include good faith
acquisition of personal information by an employee or agent of the business for
a legitimate purpose [is not a security breach]; provided that the
personal information is not used for a purpose other than a lawful purpose of
the business and is not subject to further unauthorized disclosure."
SECTION 3. This Act does not affect rights and duties that matured, penalties that were incurred, and proceedings that were begun before its effective date.
SECTION 4. Statutory material to be repealed is bracketed and stricken. New statutory material is underscored.
SECTION 5. This Act shall take effect upon its approval.
Report Title:
Personal Information; Unauthorized Disclosure; Credit Report
Description:
Requires any government agency responsible for a security breach to pay for the costs of providing each person whose personal information was disclosed with, at a minimum, a three-year subscription to a nationwide consumer reporting agency's services. (HB678 HD1)
The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.