Posts Tagged ‘Recreation’

Hawaii Law Briefing – Hawaii Security Breach Law and Identity Theft Notification

March 15th, 2022

Identity theft is one of the fastest growing crimes committed throughout the United States. Criminals who steal personal information use the information to open credit card accounts, write bad checks, buy cars, and commit other financial crimes with other people’s identities.

Hawaii has the sixth worst record of identity theft in the nation, according to a 2007 report.

I. Hawaii’s Security Breach Law

Identity theft in Hawaii has resulted in significant losses to both businesses and consumers. This epidemic motivated the Hawaii legislature in 2006 to pass several bills whose purpose is to provide increased protection to Hawaii residents from identity theft:

Act 135: Requires businesses and government agencies that keep confidential information about consumers to notify those consumers if that information has been compromised by an unauthorized disclosure;

Act 136: Requires reasonable measures to protect against unauthorized access to personal information to be taken when disposing of records;

Act 137: Restricts businesses and government agencies from disclosing/requiring social security numbers to/from the public;

Act 138: Permits consumer who has been the victim of identity theft to place a security freeze on their credit report;

Act 139: Intentional or knowing possession without authorization of confidential personal information is a class C felony.

Together, the bills signed into law by Governor Linda Lingle as HRS Chapter 487R impose obligations on businesses in Hawaii to notify residents whenever their personal information maintained by the business has been compromised by unauthorized disclosure.

HRS Chapter 487R does not cover financial institutions subject to the Federal Interagency Guidance on Response Programs for Unauthorized Access to Consumer Information and Customer Notice, or Health plans and providers subject to HIPAA.

The underlying policy behind HRS Chapter 487R is that prompt notification will help potential victims to act against identity theft by initiating steps to monitor their credit reputation. Thus, it is critical that any business subject to HRS Chapter 487R audit the manner in which confidential personal information is maintained and have a security breach team prepared to comply with the notice obligations and effectively deal with any breach of personal information.