2005 Senate Bill 309 ↩
Senate Roll Call 739:
Passed
To require a state agency or a private company that maintains computerized data with personalized information on individuals to notify those individuals if a breach of security allows unencrypted personal identifying information to be acquired by an unauthorized person. The bill specifies allowable formats for the notices and the information to be included in the notice. Also, to require the notification of credit reporting agencies of a security breach that could lead to indentity theft. Failure to comply with the notification requirements would be punishable by civil fines of $1,000 for each individual affected by a security breach, up to a maximum of $2.5 million.