April saw amendments to Washington State's and North Dakota's breach notification statutes.
In a prior Orrick Alert, we discussed some of the implications from the proposed data breach notification amendments in Washington State, which were largely included in the version of the bill that passed last month. In this alert, we summarize all of the significant changes to Washington State's new law and North Dakota's new law.
Washington State's amendments, which by far are the most sweeping, implement a number of new important changes. Of most significant import is the change to the encryption exemption discussed in a prior Orrick alert published when the amendments were initially proposed. Under the law, companies will be required to provide notice to Washington State residents whose personal information is compromised if the information is not encrypted "in a manner that meets or exceeds the National Institute of Standards and Technology (NIST) standard" or otherwise modified so that it is unreadable, unusable, or undecipherable. The law also requires notice when encrypted personal information is compromised if the encryption key or cipher is also compromised.
Other notable changes include the following:
North Dakota amendments (passed the same day) make fewer, but still important, changes. Among other things, the North Dakota law:
Washington State's law becomes effective on July 24, 2015. North Dakota's law becomes effective on August 1, 2015.
 Although not explicit, presumably the law refers to NIST Federal Information Processing Standards Publication 197 (Nov. 26, 2001), available at http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf.
Orrick's Cybersecurity and Data Privacy Group is an interdisciplinary team with members in the U.S., Europe and Asia. We craft practical solutions across a host of risk management, consumer protection, brand protection, investigatory and litigation contexts. We leverage our relationships with leading privacy and security consultants, domestic and international law enforcement, government, academia and policy groups, so that our clients benefit from multi-angle solutions.