District of Columbia Code Division V. Local Business Affairs § 28-3851. Definitions.

For purposes of this subchapter, the term:

(1) “Breach of the security of the system” means unauthorized acquisition of computerized or other electronic data, or any equipment or device storing such data, that compromises the security, confidentiality, or integrity of personal information maintained by the person or business.  The term “breach of the security system” shall not include a good faith acquisition of personal information by an employee or agent of the person or business for the purposes of the person or business if the personal information is not used improperly or subject to further unauthorized disclosure.  Acquisition of data that has been rendered secure, so as to be unusable by an unauthorized third party, shall not be deemed to be a breach of the security of the system.

(2) “Notify” or “notification” means providing information through any of the following methods:

(A) Written notice;

(B) Electronic notice, if the customer has consented to receipt of electronic notice consistent with the provisions regarding electronic records and signatures set forth in the Electronic Signatures in Global and National Commerce Act, approved June 30, 2000 (114 Stat. 641;   15 U.S.C.S. § 7001 );  or

(C)(i) Substitute notice, if the person or business demonstrates that the cost of providing notice to persons subject to this subchapter would exceed $50,000, that the number of persons to receive notice under this subchapter exceeds 100,000, or that the person or business does not have sufficient contact information.

(ii) Substitute notice shall consist of all of the following:

(I) E-mail notice when the person or business has an e-mail address for the subject persons;

(II) Conspicuous posting of the notice on the website page of the person or business if the person or business maintains one;  and

(III) Notice to major local and, if applicable, national media.

(3)(A) “Personal information” means:

(i) An individual's first name or first initial and last name, or phone number, or address, and any one or more of the following data elements:

(I) Social security number;

(II) Driver's license number or District of Columbia Identification Card number;  or

(III) Credit card number or debit card number;  or

(ii) Any other number or code or combination of numbers or codes, such as account number, security code, access code, or password, that allows access to or use of an individual's financial or credit account.

(B) For purposes of this paragraph, the term “personal information” shall not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.

Cite this article: FindLaw.com - District of Columbia Code Division V. Local Business Affairs § 28-3851. Definitions. - last updated January 01, 2020 | https://codes.findlaw.com/dc/division-v-local-business-affairs/dc-code-sect-28-3851.html


FindLaw Codes are provided courtesy of Thomson Reuters Westlaw, the industry-leading online legal research system. For more detailed codes research information, including annotations and citations, please visit Westlaw.

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature or via Westlaw before relying on it for your legal needs.

Copied to clipboard