Hawaii security breach of personal information

Hawaii SB 2290 of 2007 requires that any business that owns or licenses personal information of residents of Hawaii, any business that conducts business in Hawaii that owns or licenses personal information in any form (whether computerized, paper, or otherwise), or any government agency that collects personal information for specific government purposes shall provide notice to the affected person that there has been a security breach, following discovery or notification of the breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. Additional rules detect passwords and account numbers. The rules for this policy are:

• Hawaii Security Breach of Personal Information: Name and SSN
• Hawaii Security Breach of Personal Information: Name and DL
• Hawaii Security Breach of Personal Information: Name and CCN
• Hawaii Security Breach of Personal Information: Name and Password (Wide)
• Hawaii Security Breach of Personal Information: Name and Password (Default)
• Hawaii Security Breach of Personal Information: Name and Password (Narrow)
• Hawaii Security Breach of Personal Information: Password Dissemination for HTTP Traffic (Wide)
• Hawaii Security Breach of Personal Information: Password Dissemination for HTTP Traffic (Default)
• Hawaii Security Breach of Personal Information: Password Dissemination for HTTP Traffic (Narrow)
• Hawaii Security Breach of Personal Information: Account and Password