HOUSE OF REPRESENTATIVES

H.B. NO.

678

TWENTY-SIXTH LEGISLATURE, 2011

H.D. 2

STATE OF HAWAII

 

 

 

 

 

 

A BILL FOR AN ACT

 

 

RELATING TO INFORMATION.

 

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF HAWAII:

 


SECTION 1.  Chapter 487N, Hawaii Revised Statutes, is amended by adding a new section to be appropriately designated and to read as follows:

     "§487N-    Duty to pay for credit monitoring reports.  (a)  Any government agency responsible for a security breach that may result in a crime being committed under section 708-839.6, 708-839.7, or 708-839.8 shall be liable for the costs of providing each person whose personal information was disclosed with, at a minimum, a three-year subscription to a nationwide consumer reporting agency's services.  For purposes of this section, every nationwide consumer reporting agency shall be exempt from the provisions of chapter 103D.

     (b)  No later than seven calendar days after a government agency provides notice of the security breach, the government agency responsible for the security breach shall provide each person with a choice of not less than two nationwide consumer reporting agencies from which the person may select to subscribe.  The person, if the person so chooses, shall select a nationwide consumer reporting agency and the credit monitoring and reporting services that the person requires and shall inform the responsible government agency of the person's selection.  If a person elects not to subscribe to any credit monitoring and reporting services offered by a nationwide consumer reporting agency, the person shall notify the responsible government agency in writing of the person's choice to not subscribe to any credit monitoring or reporting services.  The government agency responsible for the security breach shall keep a record of each person's credit monitoring and reporting services selection, or election to not subscribe to those services, for at least five years after the receipt by the government agency of a person's selection or election under this subsection.

     (c)  The responsible government agency shall enroll the person into the credit monitoring and reporting plan of the person's choice within seven calendar days of receipt of the person's selection made under subsection (b) and shall pay all costs associated with the three-year subscription to the selected nationwide consumer reporting agency's services.

     (d)  The office of consumer protection may adopt rules in accordance with chapter 91 to effectuate this section."

     SECTION 2.  Section 487N-1, Hawaii Revised Statutes, is amended as follows:

     1.  By adding a new definition to be appropriately inserted and to read:

     ""Nationwide consumer reporting agency" means a consumer reporting agency, as defined in 15 United States Code Section 1681a(p), that compiles and maintains files on consumers on a nationwide basis."

     2.  By amending the definition of "security breach" to read:

     ""Security breach" [means an]:

     (1)  Means:

         (A)  An incident of unauthorized access to and acquisition of unencrypted or unredacted records or data containing personal information where illegal use of the personal information has occurred, or is reasonably likely to occur and that creates a risk of harm to a person[.];

         (B)  Any incident of unauthorized access to and acquisition of encrypted records or data containing personal information along with the confidential process or key [constitutes a security breach.  Good]; and

         (C)  Any incident of inadvertent, unauthorized disclosure of unencrypted or unredacted records or data containing personal information;

         and

     (2)  Does not include good faith acquisition of personal information by an employee or agent of the business for a legitimate purpose [is not a security breach]; provided that the personal information is not used for a purpose other than a lawful purpose of the business and is not subject to further unauthorized disclosure."

     SECTION 2.  Section 489P-3, Hawaii Revised Statutes, is amended by amending subsection (a) to read as follows:

     "(a)  Any consumer who is a resident of this State may place a security freeze on the consumer's credit report.  A consumer credit reporting agency shall not charge a victim of identity theft or recipient of a security breach notification,  a fee for placing, lifting, or removing a security freeze on a credit report [but may charge any other consumer a fee not to exceed $5 for each request by the consumer to place, lift, or remove a security freeze from the consumer's credit report.]

     A consumer who is a resident of this State and has been the victim of identity theft or recipient of a security breach notification may place a security freeze on the consumer's credit report by making a request in writing by certified mail to a consumer credit reporting agency, at an address designated by the agency to receive such requests, with a valid copy of a police report, investigative report, security breach notification or complaint the consumer has filed with a law enforcement agency about unlawful use of the consumer's personal information by another person.  A consumer who has not been the victim of identity theft may place a security freeze on the consumer's credit report by making a request in writing by certified mail to a consumer credit reporting agency.

     A security freeze shall prohibit the consumer credit reporting agency from releasing the consumer's credit report or any information from it without the express authorization of the consumer.  This subsection shall not prevent a consumer credit reporting agency from advising a third party that a security freeze is in effect with respect to the consumer's credit report."

     SECTION 3.  This Act does not affect rights and duties that matured, penalties that were incurred, and proceedings that were begun before its effective date.

     SECTION 4.  Statutory material to be repealed is bracketed and stricken.  New statutory material is underscored.

SECTION 5.  This Act shall take effect upon its approval.



 

Report Title:

Personal Information; Unauthorized Disclosure; Credit Report

 

Description:

Requires any government agency responsible for a security breach to pay for the costs of providing each person whose personal information was disclosed with, at a minimum, a three-year subscription to a nationwide consumer reporting agency's services. (HB678 HD2)

 

 

 

The summary description of legislation appearing on this page is for informational purposes only and is not legislation or evidence of legislative intent.