April 8 --Iowa Gov. Terry Branstad (R) recently signed legislation (S.F. 2259) that amends the state's data breach notification law to require covered entities to notify the state attorney general of breaches affecting more than 500 Iowans.
Under the measure, covered entities must notify the attorney general within five business days after notifying affected individuals.
S.F. 2259, which was signed by the governor April 3, will take effect July 1.
S. 2259 expands the scope of the state's data breach notice law beyond coverage for breaches affecting unencrypted computerized data to now include personal information in any form, including paper.
The legislation, which passed both houses of the Iowa General Assembly unanimously, is a “second-generation’’ data breach law, William Brauch, director of the office's Consumer Protection Division, told Bloomberg BNA April 8. Brauch said that his office proposed the law because of its own experiences with businesses reporting breaches.
Iowa enacted the underlying data breach notice law in May 2008 (7 PVLR 757, 5/19/08).
Brauch said a printout of personal information taken from a computer and then stolen will now be considered a security breach.
Brauch said the mandate that the attorney general be notified is important to allow his office to investigate and better protect consumers. If a resident calls and says others are applying for credit in his or her name, the Office of the Attorney General would be well-served to know a breach has occurred, he said.
The five-day time limit was a compromise, Brauch said, as some businesses said they couldn't report their concerns to his office any sooner than that.
He said his office isn't always apprised of breaches by companies that have them. Instead, he said, it sometimes hears of them from consumers and sometimes from other states that have notification requirements.
To contact the reporter on this story: Mark Wolski in St. Paul, Minn., at firstname.lastname@example.org
To contact the editor responsible for this story: Katie W. Johnson at email@example.com
S.F. 2259, as signed into law, is available at http://coolice.legis.iowa.gov/linc/85/external/govbills/SF2259.pdf.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to firstname.lastname@example.org.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).