VA HB954 | 2020 | Regular Session
Note: Carry Foward to future HB954
Status
Spectrum: Partisan Bill (Democrat 1-0)
Status: Introduced on January 7 2020 - 25% progression, died in committee
Action: 2020-01-27 - Continued to 2021 in Communications, Technology and Innovation by voice vote
Pending: House Communications, Technology and Innovation Committee
Text: Latest bill text (Prefiled) [HTML]
Status: Introduced on January 7 2020 - 25% progression, died in committee
Action: 2020-01-27 - Continued to 2021 in Communications, Technology and Innovation by voice vote
Pending: House Communications, Technology and Innovation Committee
Text: Latest bill text (Prefiled) [HTML]
Summary
Cybersecurity; care and disposal of customer records; security for connected devices. Requires any business to take all reasonable steps to dispose of, or arrange for the disposal of, customer records within its custody or control containing personal information when the records are no longer to be retained by the business by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or indecipherable. The measure requires any business that owns, licenses, or maintains personal information about a customer to implement and maintain reasonable security procedures and practices appropriate to the nature of the information in order to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. A violation of these requirements constitutes a prohibited practice under the Virginia Consumer Protection Act. The measure also requires a manufacturer of a device or other physical object that is capable of connecting directly or indirectly to the Internet to (i) equip the device with reasonable security features, (ii) demonstrate conformity with industry standards for cybersecurity and resiliency, (iii) provide an opt-in forum or registration capability to allow consumers to know when a vulnerability or breach is discovered, (iv) make patch notification and end-of-life support events easily obtainable by registered users of the manufacturer's connected devices, and (v) when it is aware of existing vulnerabilities that put more than 500 users at risk, notify the office of the Chief Information Officer of the Commonwealth and provide remediation steps to consumers without unreasonable delay. The bill has a delayed effective date of January 1, 2021.
Title
Cybersecurity; care and disposal of customer records, security for connected devices.
Sponsors
| Del. Hala Ayala [D] |
History
| Date | Chamber | Action |
|---|---|---|
| 2020-01-27 | House | Continued to 2021 in Communications, Technology and Innovation by voice vote |
| 2020-01-07 | House | Referred to Committee on Communications, Technology and Innovation |
| 2020-01-07 | House | Prefiled and ordered printed; offered 01/08/20 20100251D |
Same As/Similar To
HB954 (Carry Over) 2020-01-27 - Continued to 2021 in Communications, Technology and Innovation by voice vote
Code Citations
| Chapter | Article | Section | Citation Type | Statute Text |
|---|---|---|---|---|
| 59 | 1 | 200 | (n/a) | See Bill Text |
| 59 | 1 | 443.4 | (n/a) | See Bill Text |
| 59 | 1 | 444 | (n/a) | See Bill Text |
| 59 | 1 | 444.10 | (n/a) | See Bill Text |
| 59 | 1 | 444.4 | (n/a) | See Bill Text |
Virginia State Sources
| Type | Source |
|---|---|
| Summary | https://lis.virginia.gov/cgi-bin/legp604.exe?201+sum+HB954 |
| Text | https://lis.virginia.gov/cgi-bin/legp604.exe?201+ful+HB954+hil |
