Introduced
by
To require a state agency or a private company that maintains computerized data with personalized information on individuals to notify those individuals if a breach of security allows unencrypted personal identifying information to be acquired by an unauthorized person. A person damaged by an unauthorized release could sue for actual damages and costs. The bill was introduced following news stories about hackers obtaining personal data on 145,000 persons from the ChoicePoint database company. ChoicePoint voluntarily performed the actions that would be required by the bill.
Referred to the Committee on Judiciary
