District of Columbia security breach notification act

District of Columbia CB 16-810, signed into law as the Consumer Personal Information Security Breach Notification Act in 2007, requires any person or entity who conducts business in the District of Columbia, and who, in the course of such business, owns or licenses computerized or other electronic data that includes personal information, and who discovers a breach of the security of the system, shall promptly notify any District of Columbia resident whose personal information was included in the breach. The notification shall be made n the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, as provided in subsection (d) of this section, and with any measures necessary to determine the scope of the breach and restore the reasonable integrity of the data system. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• District of Columbia Security Breach Notification Act: Name and SSN
• District of Columbia Security Breach Notification Act: Name and DL
• District of Columbia Security Breach Notification Act: Name and CCN
• District of Columbia Security Breach Notification Act: Name and Password (Wide)
• District of Columbia Security Breach Notification Act: Name and Password (Default)
• District of Columbia Security Breach Notification Act: Name and Password (Narrow)
• District of Columbia Security Breach Notification Act: Password Dissemination for HTTP Traffic (Wide)
• District of Columbia Security Breach Notification Act: Password Dissemination for HTTP Traffic (Default)
• District of Columbia Security Breach Notification Act: Password Dissemination for HTTP Traffic (Narrow)