If the Act to Strengthen Identity Theft Protections is signed into law, North Carolina could become one of the strictest states for data security.
Though the bill’s text is not yet public, a fact sheet was released describing some of its provisions. Those include expanding the definition of a data breach to include ransomware attacks in which personal information has been accessed but not necessarily acquired. Though this is in line with HHS’ Office for Civil Rights’ guidance, it would be the first state mention of ransomware in its data breach definition.
Entities would also have half the time after discovery to report a breach to their consumers — they’d be allotted just 15 days.
“This quick notification will allow consumers to freeze their credit across all major credit reporting agencies and take other preventative measures to prevent identity theft before it occurs,” the fact sheet reads.
And, if a credit reporting agency is the victim of a breach, that agency would be required to offer five years of free credit reporting to consumers as opposed to the current standard practice of offering consumers one year of monitoring.
More articles on cybersecurity:
Facebook hires IBM scientist who helped build Watson for its AI efforts: 5 things to know
UPenn researchers want to launch the US’s 1st CRISPR trial in humans: 6 things to know
