Iowa amends data breach law to cover paper records and to create central reporting
Mark Wolski of Bloomberg BNA reports:
April 8 –Iowa Gov. Terry Branstad (R) recently signed legislation (S.F. 2259) that amends the state’s data breach notification law to require covered entities to notify the state attorney general of breaches affecting more than 500 Iowans.
Under the measure, covered entities must notify the attorney general within five business days after notifying affected individuals.
S.F. 2259, which was signed by the governor April 3, will take effect July 1.
Paper Documents Now Covered
S. 2259 expands the scope of the state’s data breach notice law beyond coverage for breaches affecting unencrypted computerized data to now include personal information in any form, including paper.
Read more on Bloomberg BNA.
One of the additional benefits of the new amendment is that we will now have another state with a centralized repository of data breach reports that I can seek under FOI. More work for me, but yay!