Iowa Governor Terry Brandstad has signed Senate File 2259, an act modifying provisions applicable to personal information security breach notification requirements.
Iowa’s law will now require notice of breaches of unauthorized acquisition of information that is on paper (in addition to computerized data) and to require notice to the consumer protection division of the state Attorney General’s office if a data breach affects more than 500 residents. Notice to the Attorney General’s office must be made within five days of notice to individuals. The changes take effect on July 1, 2014.
Written by Bruce Sarkisian, Associate, Privacy & Data Security | Alston & Bird LLP