Virginia data breach notification
Virginia SB 307 of 2008 requires that an individual or entity that maintains computerized data that includes personal information that the individual or entity does not own or license shall notify the owner or licensee with information about any breach of the security of the system without unreasonable delay following discovery of the breach of the security of the system, if the personal information was accessed and acquired by an unauthorized person or the individual or entity reasonable believes the personal information was accessed and acquired by an unauthorized person. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:
- Virginia Data Breach Notification: Name and SSN
- Virginia Data Breach Notification: Name and DL
- Virginia Data Breach Notification: Name and CCN