AG Racine Lauds Passage of OAG Legislation to Protect District Residents' Privacy and Security

D.C. Council Voted to Modernize Consumer Protections Against Data Breaches, Enhance Security and Reporting Requirements for Companies

WASHINGTON, D.C. – Attorney General Karl A. Racine today thanked Chairman Phil Mendelson and the Council of the District of Columbia for passing the Security Breach Protection Amendment Act of 2019. Last March, the Office of the Attorney General (OAG) introduced the legislation to modernize the District’s existing data breach law and strengthen protections for residents’ personal information. The Council passed the bill unanimously.

“Thanks to Chairman Mendelson and the entire Council for putting residents’ privacy and security front and center,” said Attorney General Karl A. Racine. “This law brings the District of Columbia into the vanguard of state and local governments that have required companies collecting vast amounts of personal information to take appropriate precautions that safeguard consumers’ health, financial, and other data. And because laws without enforcement and accountability are toothless, OAG’s Security Breach Protection Amendment Act strengthens the District’s ability to hold companies responsible if they fail to implement reasonable protections for D.C. residents.”

A data breach occurs when sensitive or confidential information is intentionally or accidentally released by a company or an individual. These releases of information may happen because of lax security or as a result of hacking or cyber-attacks. Data breaches often result in the public disclosure of personally identifiable information like names, addresses, and phone numbers, or financial information, like bank and credit card details. Recent years have seen some of the largest and most serious data breaches in history, including the Equifax breach, which exposed the personal information of over 143 million people, including nearly 350,000 District residents.

The new legislation expands legal protections to cover additional types of personal information from identity theft and fraud, requires companies that deal with personal information to implement safeguards, includes additional reporting requirements for companies that suffer a data breach, and requires companies that expose consumers’ social security numbers to offer 18 months of free identity theft protection.

OAG’s testimony on behalf of the Security Breach Protection Amendment Act of 2019 is available at: https://oag.dc.gov/release/testimony-security-breach-protection-amendment-act

Protecting Your Personal Information
For information about steps you can take to protect your own sensitive and private information, visit OAG’s Consumer Protection Library. Learn more about how to protect yourself online here.

How to File a Consumer Complaint
Consumers can report data theft, scams, and unlawful or abusive business practices to OAG’s Office of Consumer Protection by calling (202) 442-9828, emailing consumer.protection@dc.gov, or submitting a complaint online.