Developed and maintained by the Division of Legislative Automated Systems.
2019 SESSION
HB 2793 Cybersecurity; care and disposal of customer records, security for connected devices.
Introduced by: Hala S. Ayala
SUMMARY AS INTRODUCED:
Cybersecurity; care and disposal of customer records; security for connected devices. Requires any business to take all reasonable steps to dispose of, or arrange for the disposal of, customer records within its custody or control containing personal information when the records are no longer to be retained by the business by shredding, erasing, or otherwise modifying the personal information in those records to make it unreadable or undecipherable. The measure requires any business that owns or licenses personal information about a customer to implement and maintain reasonable security procedures and practices appropriate to the nature of the information in order to protect the personal information from unauthorized access, destruction, use, modification, or disclosure. The measure also requires a manufacturer of a device or other physical object that is capable of connecting directly or indirectly to the Internet to (i) equip the device with reasonable security features, (ii) demonstrate conformity with industry standards for cybersecurity and resiliency, (iii) provide an opt-in forum or registration capability to allow consumers to know when a vulnerability or breach is discovered, (iv) make patch notification and end-of-life support events easily obtainable by registered users of the manufacturer's connected devices, and (v) when it is aware of existing vulnerabilities that put more than 500 users at risk, notify the office of the Chief Information Officer of the Commonwealth and provide remediation steps to consumers without unreasonable delay. The bill has a delayed effective date of January 1, 2020.
HISTORY
- 01/18/19 House: Presented and ordered printed 19104706D
- 01/18/19 House: Referred to Committee on Commerce and Labor
- 01/22/19 House: Assigned C & L sub: Subcommittee #1
- 01/29/19 House: Subcommittee recommends passing by indefinitely (5-Y 2-N)
- 02/05/19 House: Left in Commerce and Labor