Skip to main content
Menu Icon
Close

InfoBytes Blog

Financial Services Law Insights and Observations

Virginia requires breach of personal information notification

State Issues State Legislation Privacy/Cyber Risk & Data Security Data Breach State Attorney General

State Issues

On March 18, the Virginia governor signed HB 2396, which amends the Code of Virginia and requires an individual or entity owning or licensing computerized data that includes personal information to disclose all data breaches without “unreasonable delay” to the Virginia Attorney General and any affected Commonwealth residents. Under HB 2396, “personal information” is defined as “the first name or first initial and last name in combination with and linked to any one or more of the following data elements that relate to a resident of the Commonwealth, when the data elements are neither encrypted nor redacted.” The list of data elements was amended to add passport numbers and military identification numbers to the previous list, which included social security numbers, driver’s license numbers, and financial account numbers or credit/debit card numbers combined with codes or passwords that would grant access to a consumer’s financial account. The amendment is effective July 1.