STAND. COM. REP. NO. 2831
Honolulu, Hawaii
RE: S.B. No. 2695
S.D. 1
Honorable Ronald D. Kouchi
President of the Senate
Thirty-Second State Legislature
Regular Session of 2024
State of Hawaii
Sir:
Your Committee on Commerce and Consumer Protection, to which was referred S.B. No. 2695 entitled:
"A BILL FOR AN ACT RELATING TO PRIVACY,"
begs leave to report as follows:
The purpose and intent of this measure is to:
(1) Add the definitions of "identifier" and "specified data element" and amend the definition of "personal information" for the purposes of notifying affected persons of data and security breaches under existing state law that governs the security breach of personal information; and
(2) Include licensees subject to the Insurance Data Security Law, article 3B, chapter 431, Hawaii Revised Statutes, among the businesses deemed compliant with security breach notice requirements existing under state law.
Your Committee received testimony in support of this measure from the Office of Consumer Protection of the Department of Commerce and Consumer Affairs, Department of Education, Office of Enterprise Technology Services, Student Advocates for Responsible Technology, and one individual.
Your Committee received testimony in opposition to this measure from TechNet, State Privacy & Security Coalition, Hawaii Financial Services Association, and Consumer Data Industry Association.
Your Committee received comments on this measure from the Division of Financial Institutions of the Department of Commerce and Consumer Affairs, Hawaii Bankers Association, and Hawaii Credit Union League.
Your Committee finds that the expansion of the Internet and related digital technologies has resulted in the need to safeguard personal and sensitive data from exploitation, identity theft, financial fraud, and even blackmail. To that end, the Legislature adopted House Concurrent Resolution No. 225, H.D. 1, S.D. 1 (2019), which requested a Twenty-First Century Privacy Law Task Force be convened to examine and recommend laws and regulations relating to internet privacy; the collection, transmission, processing, protection, storage, and sale of personal data; hacking; data breaches; and other similar subjects. Your Committee finds that the Twenty-First Century Privacy Law Task Force determined that certain definitional amendments to the state law governing the security breach of personal information under chapter 487N, Hawaii Revised Statutes, were necessary to make privacy protection more robust and expansive. Therefore, this measure, among other things, makes various technical updates to conform with the Twenty-First Century Privacy Law Task Force's recommendations.
Your Committee has amended this measure by:
(1) Repealing the Office of Thrift Supervision as one of the federal regulators on the list of businesses deemed to be in compliance with security breach notice requirements under section 487N-2, Hawaii Revised Statutes;
(2) Inserting an effective date of July 1, 2040, to encourage further discussion; and
(3) Making a technical, nonsubstantive amendment for the purposes of clarity and consistency.
As affirmed by the record of votes of the members of your Committee on Commerce and Consumer Protection that is attached to this report, your Committee is in accord with the intent and purpose of S.B. No. 2695, as amended herein, and recommends that it pass Second Reading in the form attached hereto as S.B. No. 2695, S.D. 1, and be placed on the calendar for Third Reading.
Respectfully submitted on behalf of the members of the Committee on Commerce and Consumer Protection,
|
|
________________________________ JARRETT KEOHOKALOLE, Chair |
|
|
|