Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Hawaii
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable

delay

FINES & PENALTIES – Violations
Up to $2,500 per violation

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Hawaii Privacy Law Information

DEFINITION OF PERSONAL INFORMATION

Hawaii’s security breach law applies to personal information in any format (whether computerized, paper or otherwise).

PRIVACY PROGRAM

Organizations conducting business in HI must take reasonable measures to protect against unauthorized access to or use of personal information in connection with or after its disposal. Organizations contracting with a data disposal Vendor must monitor and exercise due diligence ensuring the required policies and procedures are in place for the destruction of records, review an independent audit, obtain reliable professional references, require trade association certification.

BREACH REPORTING

When 1,000 or more consumers are notified, reporting is required to the State of Hawaii’s Office of Consumer Protection and all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.

CONSUMER NOTIFICATION

There are specifically defined requirements for consumer notification. If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

Vendors in the business of destroying records must have policies and procedures in place for the destruction of records containing personal information so the records are unreadable or undecipherable. Vendors in the business of destroying records must have policies and procedures in place for the protection of personal information during and after collection, transportation, and destruction.

INDUSTRY SPECIFIC LAWS

Hawaii passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.

FINES & PENALTIES

In addition to the monetary penalties for violations of security breach notification and reporting, the Attorney General or the Executive Director of the Office of Consumer Protection may bring an action, and a business in violation may be liable for actual damages suffered by a consumer. Organizations may be fined or penalized for Vendor violations. Organizations may be subject to penalties up to $2,500 for each violation.

Hawaii Statutes and Laws

H.A.R. § 8-34

Protection of education rights and privacy of students and parents

H.A.R. § 16-54

Personal records

HAW. REV. STAT. § 323B

Health care privacy harmonization act

HAW REV. STAT. §431

INSURANCE DATA SECURITY LAW

HAW. REV. STAT. § 487D

Retail merchant club cards

HAW. REV. STAT. § 487J

Personal information protection requirements

HAW. REV. STAT. § 487N

Security breach of personal information

HAW. REV. STAT. § 487R

Destruction of personal information

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.