Proposed State Legislation Would Broaden Data Breach Protections

Proposed State Legislation Would Broaden Data Breach Protections

Proposed legislation from North Carolina Attorney General Josh Stein and State Rep. Jason Saine (R-Lincoln) would strengthen the state laws already in place to prevent data breaches and protect victims, according to

“Last year, more than 5.3 million North Carolinians were estimated to have been affected by a data breach,” said Stein in a press release. “This number is staggering and unacceptable. North Carolina’s laws on this issue are strong—but they need to be even stronger.”

Dubbed the Act to Strengthen Identity Theft Protections, the law would add ransomware attacks to the list of data breach types that businesses and government agencies are required to report to the Attorney General’s office and affected individuals.

In addition, the legislation includes stronger protections for consumers and their data. Entities would have an explicit duty to protect medical information and insurance account numbers under the proposed law. Businesses would need consumers’ permission in order to obtain a credit report or credit score, and consumers would have the right to request a list of the personal information maintained from consumer reporting agencies, as well as its sources and a list of persons and entities to which the information was disclosed, according to

Consumers could expect a tidy turnaround time for breach disclosures, as businesses and agencies would have just 15 days to report them. That would be a significant change considering recent breach disclosures that have taken place years after the initial incident, as in the case of the Yahoo! hack in 2013, according to the article. And consumers would be able to easily freeze or unfreeze credit reports across all major reporting agencies thanks to the law, which would require credit agencies to implement a one-stop system for this purpose.

“As more and more of our daily activities involve digital interactions, ensuring the safety of North Carolina’s citizens’ data is of critical importance,” Saine said in the press release. “When there is a breach, we need to ensure that consumers are notified in a timely fashion and that they have the tools they need to protect their personal identity from bad actors.”

Click here for a fact sheet about the Act to Strengthen Identity Theft Protections.


Sarah Sheber is assistant editor/web editor at Journal of AHIMA.