HOUSE REPUBLICAN STAFF ANALYSIS Bill: Senate File 2259 Committee: Public Safety Floor Manager: Rep. Klein Date: March 18, 2014 Staff: Amanda Freel (1-5230)
House Committee: House Floor: Senate Floor: Governor:
PASSED on March 11 (19-0) PASSED on March 18 (98-0) PASSED on February 26 (49-0) PASSED on March 26 (48-0) SIGNED on April 3, 2014
Financial Privacy Senate File 2259 Expands the definition of “Breach of Privacy” to better protect consumers This bill requires those who have a privacy breach that impacts more than 500 Iowans to contact the Attorney General
___________________________________________________________________________________
Section by Section Analysis Section 1 – Definitions-Personal Information Security Breach Protection Adds to the definition of “security breach”. Security breach includes the loss of computerized data in any form, whether on paper or a thumb-drive or otherwise. Section 2 – Definitions-Personal Information Security Breach Protection Limits exemptions for breaches of encrypted or redacted data if the breach includes theft of the keys to unlock the encryption or redaction. Section 3 – Definitions-Personal Information Security Breach Protection Unauthorized access to a consumers’ first and last names with their credit card numbers is considered a breach if the card’s expiration date is also obtained. Section 4 Security Breach-Notification Requirements- Remedies Requires those who incur a privacy breach to contact the Attorney General within 3 business days after giving notice to any consumer. The breach must affect more than 500 Iowans before the AG must be notified.
__________________________________________________________________________________
Amendment Analysis H-8110 by Kline –Accepted Voice Vote Action 1- Amends the definition of breach of security: 1
Security breach includes the loss of computerized data in any form, whether on paper or a thumb-drive or otherwise that compromises the security, confidentiality, or integrity of the personal information Action 2-Notice of a breach must be given to the Attorney General within 5 business days after giving notice to any consumer. Bill originally required notice to the AG within 3 business days.
2
