Menu
2017 Session

Budget Amendments - HB1500 (Conference Report)

View Budget Item
View Budget Item amendments

Amend Language Requiring the Reporting of Data Breaches (language only)

Item 275 #2c

Item 275 #2c

Finance
Department of Taxation

Language

Page 250, line 38, after “law,” strike:

“any person that owns or licenses computerized".

Page 250, strike lines 39 through 43 and insert:

"any employer or payroll service provider that owns or licenses computerized data relating to income tax withheld pursuant to Article 16 (§ 58.1-460 et seq.) of Chapter 3 of Title 58.1 shall notify the Office of the Attorney General without unreasonable delay after the discovery or notification of unauthorized access and acquisition of unencrypted and unredacted computerized data containing a taxpayer identification number in combination with the income tax withheld for that taxpayer that compromises the confidentiality of such data and that creates a reasonable belief that an unencrypted and unredacted version of such information was accessed and acquired by an unauthorized person, and causes, or the employer or payroll provider reasonably believes has caused or will cause, identity theft or other fraud. With respect to employers, this requirement applies only to information regarding the employer's employees, and does not apply to information regarding the employer's customers or other non-employees.

Such employer or payroll service provider shall provide the Office of the Attorney General with the name and federal employer identification number of the employer as defined in § 58.1-460 that may be affected by the compromise in confidentiality. Upon receipt of such notice, the Office of the Attorney General shall notify the Department of Taxation of the compromise in confidentiality. The notification required under this provision that does not otherwise require notification under subsections A through L of § 18.2-186.6, Code of Virginia, shall not be subject to any other notification, requirement, exemption, or penalty contained in that section.”



Explanation

(This amendment makes technical changes to the Reporting Requirement for Data Breaches. These changes are intended to conform such reporting requirements with existing statutory language, which generally requires the reporting of data breaches to the Office of the Attorney General.)