2005 Senate Bill 309 ↩
House Roll Call 1287:
Passed
To require a state agency or a private company that maintains computerized data with personalized information on individuals to notify those individuals if a breach of security allows unencrypted personal identifying information to be acquired by an unauthorized person. The bill specifies allowable formats for the notices and the information to be included in the notice. Also, to require the notification of credit reporting agencies of a security breach that could lead to identity theft. Failure to comply with the notification requirements would be punishable by civil fines of $250 for each individual affected by a security breach, up to a maximum of $750,000.