Virginia: General Assembly approves breach notification amendment on payroll data
The General Assembly of Virginia approved, on 13 March 2017, an Act to Amend and Reenact § 18.2-186.6 of the Code of Virginia, Relating to a Notification Requirement for Breach of Payroll Data ('the Amendment').
According to the Amendment, employers and payroll service providers that own or license computerised data relating to income tax are required to notify the Attorney General ('AG') without unreasonable delay if they discover a breach of unencrypted and unredacted computerised data containing a taxpayer identification number in combination with the income tax withheld for that taxpayer, and the breach has caused, or the employer or payroll provider reasonably believes has caused or will cause, identity theft or other fraud.
In the event of such a breach, the employer or payroll service provider has to inform the AG of the name and federal employer identification number of the employer that may be affected by the breach. Nevertheless, with respect to employers, the notification requirement applies only to information regarding the employer's employees, and does not apply to information regarding the customers or non-employees.
The Amendment will be effective on 1 July 2017.
You can read the amended § 18.2-186.6 of the Code of Virginia here.