Upon data breach incidents, North Carolina introduces new legislation

According to the State’s annual report, over 5.3 million North Carolina consumers were impacted by 1,022 data breaches in 2017, marking a 15 percent increase over 2016. The escalating trend encouraged state Attorney General (AG) Josh Stein and state Representative Jason Saine, to introduce the bipartisan ‘Act to Strengthen Identity Theft Protections’, a legislation to prevent further incidents and protect the public from data breaches including ransomware attacks. It will require affected companies to also report any such incident to the public and the AG’s office within 15 days. The bill will require businesses that own or license consumers’ personal information to execute ‘reasonable security procedures and practices’ to protect said data, including medical records and insurance account numbers. Failing to uphold its responsibilities, it will be considered as violation of the ‘Unfair and Deceptive Trade Practices Act’. In a press release, Stein noted that the findings were ‘staggering and unacceptable’, continuing: ‘As more and more of our daily activities involve digital interactions, ensuring the safety of North Carolina’s citizen’s data is of critical importance. When there is a breach, we need to ensure that consumers are notified in a timely fashion and that they have the tools they need to protect their personal identity from bad actors.’