Breach, Compliance Management, Threat Management, Data Security, Government Regulations, Malware, Phishing, Ransomware

North Carolina introduces data breach legislation, after incidents rise in 2017

More than 5.3 million residents of North Carolina were victims of data breaches in 2017 – an escalating trend that has prompted state Attorney General Josh Stein (D) and state Rep. Jason Saine (R) to introduce newly proposed legislation to prevent further incidents and protect the public.

Unveiled on Jan. 8, the bipartisan "Act to Strengthen Identity Theft Protections” updates the state's definition of a data breach, expanding the scope to include ransomware attacks. It also requires that affected companies report any such incident to the public and the AG's office within 15 days.

Additionally, the bill also requires businesses that own or license consumers' personal information to execute reasonable security procedures and practices to protect said data, including medical records and insurance account numbers.

If a company fails to uphold its responsibilities, it will be considered a violation of the Unfair and Deceptive Trade Practices Act. According to a fact sheet detailing the proposed legislation, “each person affected by the breach represents a separate and distinct violation of the law.”

Additionally, the proposed act allows consumers to easily freeze their credit, access free credit reports, and view information collected on them by consumer reporting agencies. If one of these agencies is breached, like Equifax infamously was in 2017, that service would have to offer five years of free credit monitoring to impacted consumers.

The legislation also states that companies looking to obtain a consumer's credit report or score would first need the consumer's permission.

The bill's announcement came as the state released its annual report on data breaches reported to the state AG's office. According to the document, there were 1,022 reported breaches in 2017 – a 15 percent increase over 2016. Of that amount, just over half were caused by malicious hacking.

Phishing scams were responsible for the second largest number of breaches, jumping dramatically from just 1.76 percent in 2015 to 24.27 percent in 2017.

In a press release, Stein said that the findings were “staggering and unacceptable,” adding: “North Carolina's laws on this issue are strong – but they need to be even stronger.”

“As more and more of our daily activities involve digital interactions, ensuring the safety of North Carolina's citizen's data is of critical importance,” said Saine, also in the release. “When there is a breach, we need to ensure that consumers are notified in a timely fashion and that they have the tools they need to protect their personal identity from bad actors.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.