The
US capital region is on track to implement new regulations akin to the EU’s
GDPR, the local government of Washington D.C. said in a press release. The law
seeks to expand protections for residents’ personal data and includes new
compliance requirements for entities handling data of D.C. residents.

Attorney
General Karl A. Racine says D.C. residents have been among those recently hit
by some of the most serious data breaches in history. The Equifax breach alone,
which exposed personal information of over 143 million people, affected 350,000
District residents, he said.

“Data breaches and identify theft continue to pose major threats to District residents and consumers nationwide,” Racine said. “The District’s current data security law does not adequately protect residents. Today’s amendment will bolster the District’s ability to hold companies responsible when they collect and use vast amounts of consumer data and do not protect it. I urge the Council to pass this legislation quickly for the benefit of District residents.”

The
Security Breach Protection Amendment Act of 2019 seeks to:

  • Expand the definition of personal information subject to legal protection, including passport numbers, military ID numbers, health and biometric data, and even genetic information.
  • Create new compliance requirements for companies that handle personal information, so as to provide identity theft protection if they expose Social Security numbers, and to inform customers of their rights when a breach occurs and their personal data is at risk.

The Office of the Attorney General would also become the go-to authority for reporting any violation of the District’s Consumer Protection Procedures Act, according to the news release. Readers can view the full bill here.