Senate File: 2308
Iowa Code: §715C.1 to 2
Effective Date: July 1, 2008
Definition of Personal Information: An individual's first name or first initial and last name in combination with any one or more of the following data elements that relate to the individual if any of the data elements are not encrypted, redacted, or otherwise altered by any method or technology in such a manner that the name or data elements are unreadable:
(a) Social security number;
(b) Driver's license number or other unique ID number created or collected by a government body;
(c) Financial account number, credit card number, or debit card number in combination with any required security code, access code, or password that would permit access to an individual's financial account.
(d) Unique electronic identifier or routing code, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
(e) Unique biometric data, such as a fingerprint, voice print or recording, retina or iris image, or other unique physical representation or digital representation of biometric data.
Summary: Any person who owns or licenses computerized data that includes a consumer's personal information that is used in the course of the person's business, vocation, occupation, or volunteer activities and that was subject to a breach of security shall give notice of the breach of security following discovery of such breach of security, or receipt of notification, to any consumer whose personal information was included in the information that was breached. The consumer notification shall be made in the most expeditious manner possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, and consistent with any measures necessary to sufficiently determine contact information for the affected consumers, determine the scope of the breach, and restore the reasonable integrity, security, and confidentiality of the data. Any person who maintains or otherwise possesses personal information on behalf of another person shall notify the owner or licensor of the information of any breach of security immediately following discovery of such breach of security if a consumer's personal information was included in the information that was breached.
Visit the state Web site