North Carolina Attorney General Josh Stein and state Rep. Jason Saine have reinforced new data breach laws that would allow the organizations to report a breach within 30 days. This would give consumers more insight into where their data lives.
The law reduces the notification time in half for healthcare providers as outlined by HIPAA which dictates the breach notifications to occur within 60 days of discovery. According to the scheme, the strict notification will “allow people to freeze their credit across all major credit reporting agencies and take other measures to prevent identity theft before it occurs.”
Moreover, a breach would be redefined in the bill to include ransomware attacks in which the personal information is accessed but not necessarily acquired. This is particularly significant for healthcare organizations which are always under attack of ransomware attacks by hackers.
The bill now also includes consumer data protections which also gives the individuals the right to demand the data recorded on them, its source and the place where it was disclosed. If this legislation is accepted, it will command breach organizations to provide the victims with two years of free monitoring. They would be allowed to freeze their credit without payments.
Stein explains that the legislation is proposed due to the increased rate of breaches throughout the state. According to the report released along with the proposed bill 1.9 million North Carolina residents were victims of data leaks through 1,047 breaches in 2018.
The report highlights a 3.4 percent increase in breaches from 2017 to 2018.
This legislation is the second attempt by the state to reinstate their privacy laws. In January 2018, the bill was announced by Stein and Saine that provided businesses with only 15 days to report a breach after being discovered.
According to Saine, they spent a year in redrafting the law and have worked with various citizen advocates like AARP and other business communities within the process.
Saine said in a statement. “We are strongly committed to getting this right and creating a strong framework for protecting our most personal information,”
“This number is way too high. North Carolina’s laws on this issue are strong – but they need to be even stronger, “Saine and I want to do everything we can to keep people’s personal information safe.”
If this legislation is passed, it will combine with the state’s other efforts in ensuring consumer data protection. Colorado and Iowa introduced a similar bill in the previous year.
Many groups of Congress have also called up for an increase in privacy laws. The Information Technology and Innovative Fund made the most recent recommendation that the privacy regulations like the HIPAA should be replaced by unified federal privacy law.