Washington D.C. takes a leaf from GDPR book, introduces new data privacy bill

The US capital region is on track to implement new regulations akin to the EU”s GDPR, the local government of Washington D.C. said in a press release. The law seeks to expand protections for residents” personal data and includes new compliance requirements for entities handling data of D.C. residents.

Attorney General Karl A. Racine says D.C. residents have been among those recently hit by some of the most serious data breaches in history. The Equifax breach alone, which exposed personal information of over 143 million people, affected 350,000 District residents, he said.

“Data breaches and identify theft continue to pose major threats to District residents and consumers nationwide,” Racine said. “The District”s current data security law does not adequately protect residents. Today”s amendment will bolster the District”s ability to hold companies responsible when they collect and use vast amounts of consumer data and do not protect it. I urge the Council to pass this legislation quickly for the benefit of District residents.”

The Security Breach Protection Amendment Act of 2019 seeks to:

• Expand the definition of personal information subject to legal protection, including passport numbers, military ID numbers, health and biometric data, and even genetic information.
• Create new compliance requirements for companies that handle personal information, so as to provide identity theft protection if they expose Social Security numbers, and to inform customers of their rights when a breach occurs and their personal data is at risk.

The Office of the Attorney General would also become the go-to authority for reporting any violation of the District”s Consumer Protection Procedures Act, according to the news release. Readers can view the full bill here.