With data breaches increasing drastically across the United States, the need for states to have appropriate data breach legislation in place is vital. States are now stepping up to further explain, update and enact data breach laws to protect those affected by a breach. New Mexico, Tennessee and Virginia are the most recent states to act on their data breach legislation.
On April 6th, the Data Breach Notification Act was signed by Governor Susana Martinez, which ended New Mexico’s status as one of the last three states without a data breach notification law. This law will take effect on June 16, 2017.
Although Tennessee has a data breach notification statute in place, there has been some debate over a 2016 amendment to the law, which was clarified earlier this month in a new amendment. The newest amendment, which went into effect on April 4, 2017 explains that businesses affected by a breach where their computerized data has been encrypted only need to notify affected individuals if the key to remove the encryption has been compromised.
Virginia, who already has a data breach law in place has made some updates to their statute to account for the widespread scams of W-2 phishing emails. The amendment requires that the Attorney General and Department of Taxation are notified if an employer and/or payroll service provider suffer a data breach where taxpayer identification numbers and income tax withholding information are involved. The amendment is intended to supplement the existing law and only applicable to employers and payroll service providers. This amendment will take effect on July 1, 2017.