There is a newer version of this Section
2023
2022
2021
2020
2019
Other previous versions
View our newest version here

2018 District of Columbia Code
Title 28 - Commercial Instruments and Transactions. [Enacted title]
Chapter 38 - Consumer Protections.
Subchapter II - Consumer Security Breach Notification.
§ 28–3851. Definitions.

Universal Citation: DC Code § 28–3851 (2018)
Next

For purposes of this subchapter, the term:

(1) “Breach of the security of the system” means unauthorized acquisition of computerized or other electronic data, or any equipment or device storing such data, that compromises the security, confidentiality, or integrity of personal information maintained by the person or business. The term “breach of the security system” shall not include a good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business if the personal information is not used improperly or subject to further unauthorized disclosure. Acquisition of data that has been rendered secure, so as to be unusable by an unauthorized third party, shall not be deemed to be a breach of the security of the system.

(2) “Notify” or “notification” means providing information through any of the following methods:

(A) Written notice;

(B) Electronic notice, if the customer has consented to receipt of electronic notice consistent with the provisions regarding electronic records and signatures set forth in the Electronic Signatures in Global and National Commerce Act, approved June 30, 2000 (114 Stat. 641; 15 U.S.C. § 7001); or

(C)(i) Substitute notice, if the person or business demonstrates that the cost of providing notice to persons subject to this subchapter would exceed $50,000, that the number of persons to receive notice under this subchapter exceeds 100,000, or that the person or business does not have sufficient contact information.

(ii) Substitute notice shall consist of all of the following:

(I) E-mail notice when the person or business has an e-mail address for the subject persons;

(II) Conspicuous posting of the notice on the website page of the person or business if the person or business maintains one; and

(III) Notice to major local and, if applicable, national media.

(3)(A) “Personal information” means:

(i) An individual’s first name or first initial and last name, or phone number, or address, and any one or more of the following data elements:

(I) Social security number;

(II) Driver’s license number or District of Columbia Identification Card number; or

(III) Credit card number or debit card number; or

(ii) Any other number or code or combination of numbers or codes, such as account number, security code, access code, or password, that allows access to or use of an individual’s financial or credit account.

(B) For purposes of this paragraph, the term “personal information” shall not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

(Mar. 8, 2007, D.C. Law 16-237, § 2(c), 54 DCR 393.)

Editor's Notes

Section 3 of D.C. Law 16-237 provided: “This act shall apply as of July 1, 2007.”

Next
Disclaimer: These codes may not be the most recent version. District of Columbia may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.