Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Washington
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Within 30 days

FINES & PENALTIES – Violations
Consumer & Attorn. Gen. may bring action

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Washington Privacy Law Information

PRIVACY PROGRAM

Organizations and Vendors who are businesses operating in Washington must have measures in place for the secure destruction of records containing personal information, so the records are unreadable or undecipherable. Organizations must contract with vendors to whom they disclose personal information containing biometric identifiers. Washington has regulations specific to the collection, use, disclosure and protection of individual’s biometric identifiers.

BREACH REPORTING

If a breach affects more than 500 residents, breach notification must be made within 30 days to the State Attorney General. Specific information must be included in the Attorney General breach notification, including a summary of steps taken to contain the breach and a sample copy of the consumer notification. Specific information must be included in the consumer notification. If the breach affects an email account, the notification must be sent to the individual through a means other than the affected email address.

CONSUMER NOTIFICATION

Organizations must notify affected Washington residents within 30 days after discovery of a breach of security involving their personal information. For breaches involving online account personal information (username or email and password/security question), consumer notification may be provided in electronic form informing consumers of the incident and directing them to change their password/security question/answer that may have been compromised. If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications.

INDUSTRY SPECIFIC LAWS

Entities handling personal health information and student data must comply with additional protection and disclosure requirements. Sector-specific laws (health, education) provide for an individual’s right to access their personal information. Organizations must contract with vendors to whom they disclose personal information containing biometric identifiers. The contracted Vendors will not further disclose and will not enroll the biometric identifiers in a database for a commercial purpose inconsistent with the notice and consent requirements for Organizations relating to biometric identifiers.

FINES & PENALTIES

For violations of the notice of breach requirements, consumers may bring a civil action to recover damages, and the Attorney General may bring an action in the name of the state or on behalf of affected state residents. Individuals injured by the failure of an entity to comply with data disposal requirements may bring a civil action to recover damages. The Attorney General may also bring an action for damages, injunctive relief, or both. Organizations may be fined or penalized for Vendor violations.

Washington Statutes and Laws

WASH. REV. CODE CH. 19.215

Disposal of personal information

WASH. REV. CODE CH. 19.255

Personal information – notice of security breaches

WASH. REV. CODE § 19.255.010

Disclosure, notice

WASH. REV. CODE § 19.255.020

Liability of processors, businesses, and vendors

WASH. REV. CODE CH. 19.375

Biometric identifiers

WASH. REV. CODE CH. 28A.604

Student user privacy in education rights

WASH. REV. CODE § 28A.605.030

Student education records – parental review – release of records

WASH. REV. CODE CH. 70.02

Medical records – health care information access and disclosure

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.