a summary of cs for house bill 65 (jud) – a presentation to the hcca alaska local annual...
DESCRIPTION
A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference. Joan Wilson Asst Attorney GeneralState of Alaska [email protected]. House Bill 65. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/1.jpg)
A Summary of CS for House A Summary of CS for House Bill 65 (Jud) – A Presentation Bill 65 (Jud) – A Presentation
to the HCCA Alaska Local to the HCCA Alaska Local Annual ConferenceAnnual Conference
Joan WilsonJoan WilsonAsst Attorney GeneralAsst Attorney GeneralState of AlaskaState of [email protected]@alaska.gov
![Page 2: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/2.jpg)
House Bill 65House Bill 65
An Act relating to Breaches of security An Act relating to Breaches of security involving personal information, involving personal information,
protection of social security numbers, protection of social security numbers, and disposal of recordsand disposal of records
![Page 3: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/3.jpg)
RememberRemember
• This is still a bill– In House Finance– Needs advancement from the House and
consideration of Senate– Approval by Governor
• If unaddressed concerns of Health Care Compliance Association– Utilize legislative process
![Page 4: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/4.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 1 – Disclosure of security breach• Article 2 – Credit Report and Credit Score
Security Freeze• Article 3 – Protection of Social Security Number• Article 4 – Disposal of Records• Article 5 – Identity Theft• Article 6 – Truncation of Card Number• Article 7 – General Provisions
![Page 5: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/5.jpg)
Personal Information Protection ActPersonal Information Protection Act
• We won’t discuss– Article 2 -- credit reporting and credit score
security freezes
– Article 5 -- Identity theft
![Page 6: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/6.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 7 – General Provisions– Definitions impacting all Articles
• Consumer -- individual• Consumer credit reporting agency• Credit report• Information system – any information system, including a system
consisting of digital databases and a system consisting of pieces of paper
• Person – includes business entities, associations, and natural persons
• State resident – Meets tests of AS 01.10.055– Physically present with the intent to remain indefinitely and make a
home– After establishing residency, consistent absences with residency
acceptable
![Page 7: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/7.jpg)
Personal Information Protection Act Personal Information Protection Act
• Article 1 – Breach of Security Involving Personal Information
![Page 8: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/8.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Definitions– Information Collector: person who owns or
uses personal information in any form if the personal information includes information on a state resident
– Information Distributor: a person who is an information collector and who owns or licenses personal information to an information recipient
![Page 9: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/9.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Definitions– Information Recipient: person who is an
information collector but who does not own or have the right to license to another information collector the personal information received from the information distributor
– Governmental Agency• State or local government agency, except for the
judicial branch
![Page 10: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/10.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Definitions– Personal information: information in any form
on an individual that is not encrypted or redacted, or is encrypted but the encryption key is accessed or acquired, and that consists of a combination of the following information
![Page 11: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/11.jpg)
Personal Information Protection Act Personal Information Protection Act
• Definitions– Personal Information
• An Individual’s Name, address, or telephone Number, and
• One or more of the following– Social security number– Driver’s license number – State ID number– Account number or– Passwords or access codes
![Page 12: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/12.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Definitions– Breach of Security
• An unauthorized acquisition, or reasonable belief of unauthorized acquisition, of personal information that compromises the security, confidentiality, or integrity of the personal information maintained by the information collector
– Acquisition includes acquisition by • photocopying, facsimile or other paper-based method • a device, including a computer, that can read, write, or
store information that is represented in numerical form, or• Any other method
![Page 13: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/13.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Not a breach– The good faith acquisition of personal
information by an employee or agent of an information collector for a legitimate purpose of the information collector is not a breach if the employee or agent does not use the information for an illegitimate purpose and does not make an unauthorized disclosure of the information
• Does not define “unauthorized disclosure” -- by law or individual
![Page 14: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/14.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Rule on disclosure– If a person owns or uses personal information
that includes personal information on a state resident and a breach of security of an information system occurs, the person shall, disclose the breach to each state resident whose personal information was subject to the breach
![Page 15: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/15.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Rule on Disclosure– An information collector will disclose the breach in the
most expeditious time possible and without unreasonable delay except
• As permitted under AS 45.48.020 and• As necessary to determine the scope of the breach and
restore the integrity of the information system
– AS 45.48.020 – allowable delay• Law enforcement agency determines disclosure interferes
with ongoing investigation– Disclose as expeditiously as possible after receipt of written
notice from agency that disclosure no longer interferes
![Page 16: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/16.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Methods of Notice – Written document sent to most recent address
the information collector has– Electronic means in compliance with 15
U.S.C. 7001 (Electronic Signatures in Global and International Commerce Act)
– Cost Effective Means (if qualify)• Electronic mail• Conspicuous posting on collector’s website and• Notice to major statewide media
![Page 17: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/17.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Methods of Notice– Qualification for Cost Effective Means
• Demonstrate notice by first methods would exceed $150,000 or
• Demonstrate affected class of state residents exceeds 300,000 or
• Demonstrate that the information collector does not have sufficient contact information to provide notice
![Page 18: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/18.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Notification to consumer credit reporting agencies– If notification required to 1,000 or more state
residents, the information collector shall also notify consumer credit reporting agencies of the breach
• This section may not be construed to require the collector to identify the names of individuals subject to the breach
• This section does not apply to an information collector subject to the Gramm-Leach-Bliley Financial Modernization Act (15 U.S.C. 6801-6827)
![Page 19: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/19.jpg)
Personal Information Protection ActPersonal Information Protection Act
• No waiver of notification permitted• Treatment of certain breaches
– If there is a breach of an information recipient’s information system, the recipient need not give notice to the state residents, but must notify the information distributor
• The information distributor must give notice as if the breach occurred to the distributor’s information system
![Page 20: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/20.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Penalties– If an information collector is a government agency
• Liable to the state up to $500 for each resident who is not notified up to $50,000
• Enjoined from further violations• Department of Administration enforces• Apply APA and Office of Admin Hearings Procedures
– If an information collector is not a government agency• Violation is an unfair or deceptive act or practice under AS 45.50.471 - 45.50.561
– Private and class actions– Three times actual damages or $500 whichever is greater
• Not liable for penalty under AS 45.50.551• Is liable to state for a penalty up to $500 for each resident who is not
notified up to $50,000
![Page 21: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/21.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 2 – Credit Report and Credit Score Security Freeze– Not discussing– Review if you think it impacts your association
or organization
![Page 22: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/22.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 3 – Protection of Social Security Number
![Page 23: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/23.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Use of Social Security Number– General Rule -- A person may not
• Intentionally communicate or otherwise make available to the general public an individual’s social security number
• Print an individual’s social security number on a card required to access products or services
• Require an individual to transmit the individual’s SSN over the internet unless the connection is secure or the ssn is encrypted
![Page 24: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/24.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Use of Social Security Number– General Rule -- A person may not
• Require an individual to use his or her SSN to access an internet site unless a password, a unique number, or another authentication device is also required
• Print an SSN number on material mailed to the individual unless
– Local, state, or federal law expressly authorizes the placement or
– The number is included on an application or form to establish, amend, or terminate an account, contract, or policy, or to confirm the accuracy of the SSN, so long as the SSN is not printed on a postcard or in a manner that does not require opening of an envelope to view it.
![Page 25: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/25.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Request and collection of SSN– General Rule: A person who does business
in the state, including the business of government, may not request or collect an individual’s SSN.
![Page 26: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/26.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Request and collection of SSN– Exceptions
• Expressly authorized by local, state, or federal law• Government agency and the request or collection
is authorized by law or the request or collection is required for the performance of the government’s duties
• To a financial institution subject to the Gramm-Leach-Bliley Financial Modernization Act
![Page 27: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/27.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Request and collection of SSN– Exceptions
• To or from a consumer reporting agency• For background check, law enforcement purposes,
individual’s employment purpose• Incidental to a larger transaction and necessary to
verify the identity of the individual– The disclosure cannot have an independent economic
value
![Page 28: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/28.jpg)
Personal Information Protection ActPersonal Information Protection Act
• No sale, lease, loan, trade or rent of an SSN unless authorized by law
• No disclosure of SSN to a 3rd party, unless– Authorized by law– Government and authorized or required for
performance of duties– Financial institution subject to Gramm-Leach-Bliley– Consumer reporting agency – Background check
![Page 29: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/29.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Interagency disclosure between government agencies permissible if required to carry out other agency’s duties or responsibilities
• Employment purpose disclosure– A person may disclose the SSN to an employee or
agent, including an independent contractor, of a person for a legitimate business purpose
– For claim, benefit, or employment processing purpose
![Page 30: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/30.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Authorized by law– Includes agency adopting regulations to
identify when it may print an SSN on material, demand proof of SSN, ask an individual to provide SSN, disclose to a 3rd party, or sell, lease, loan, trade, or rent and SSN to a 3rd party
• Immediate effective date
![Page 31: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/31.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Penalties– Knowing violation – civil penalty not to exceed
$3,000– Private cause of action
• Actual damages• Court costs• Reasonable attorney fees
– Knowingly• Aware that the conduct exists is of the nature or
that the circumstance exists (See AS 11.81.900)
![Page 32: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/32.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 4 – Disposal of Records
![Page 33: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/33.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 4 -- Disposal of Records– Definitions
• Business – a person who conducts business in the state or a person who conducts business and maintains or otherwise possesses personal information on state residents
– Conducts business defined inclusively (financial institutions and those that hold a license or authorization certification from the state)
![Page 34: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/34.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Definitions– Governmental Agency
• State or local government agency, except for the judicial branch
– Dispose • Discard or abandon records• Sale, donate, discard, or transfer devices
![Page 35: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/35.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Definitions– Personal information
• Passport number, driver’s license number, state ID, bank account, credit, debit, or other payment card number, financial account information, information from a financial application – or
• A combination of an individual’s name, address, or telephone number and medical information, insurance policy number, employment information, or employment history
![Page 36: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/36.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Definitions– Records – material on which information is
written, drawn, spoken, visual, or electromagnetic is recorded or preserved
• Does not include publicly available information containing names, addresses, telephone numbers, or other information an individual has voluntarily consented to have public disseminated or listed
– E.G. – phone books, MySpace pages?
![Page 37: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/37.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 4 – Disposal of Records– Rule: When disposing of records that contain
personal information, a business and a governmental agency shall take reasonable measures to protect against unauthorized access to or use of records
• If hire a third party engaged in business of record destruction (following due diligence standard), not liable after relinquish records
• Also not liable once release records to the individual whom the record pertains
![Page 38: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/38.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Exception -- A business or governmental agency is not required to comply with Article 4 if
• Federal law requires the agency to act in a way that does not comply with Article 4
• The business is subject to the Gramm-Leach-Bliley Financial Modernization Act
• The manner of disposal of records is subject to the Fair Credit Reporting Act and in compliance with 15 U.S.C. 1861w
• No apparent HIPAA exception– Also likely not inconsistent
![Page 39: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/39.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Measures to protect access include– (Requirement) Implementing and monitoring
compliance with policies and procedures that require
• the burning, pulverizing, or shredding of paper documents
• Destruction or erasure of electronic media and other non-paper media
• After due diligence, entering into a written contract with a third party in the business of record construction
![Page 40: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/40.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Due diligence in selecting third party– Reviewing an independent audit of 3rd party’s
operations– Check with several references and requiring
certification by a trade organization with high standards of review or
– Reviewing and evaluating the 3rd party’s information security policy and procedures or taking other measures to determine competency and integrity
![Page 41: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/41.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Penalties– Knowing violation – civil penalty to the state
not to exceed $3,000– Private cause of action to enjoin action
• Actual damages• Court costs• Attorney fees
– Same knowingly definition as above
![Page 42: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/42.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 5 – Factual Declaration of Innocence after Identity Theft, Right to File Police Report Regarding Identity Theft
![Page 43: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/43.jpg)
Personal Information Protection ActPersonal Information Protection Act
• A victim of identity theft, the State, or the court may petition for declaration of innocence if– Perpetrator arrested, cited, or convicted– Criminal complaint filed against perpetrator,
and– Victim’s identity mistakenly associated with
record of conviction for a crime• Reasonable doubt standard
![Page 44: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/44.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Also right to file police report regarding identity theft
![Page 45: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/45.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Article 6 – Truncation of Card Information
![Page 46: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/46.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Truncation of Card Information– Rule: A person who accepts credit or debit
cards for the transaction of business may not print more than the last four digits of the expiration date on the receipt or physical record of the transaction
• Applies only to electronically printed (not hand written or imprint) receipts
• No longer sell a device in the state after Jan 1, 2009 that electronically prints more than last 4 digits
![Page 47: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/47.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Penalties– Knowing violation -- Liable to the State for a
civil penalty not to exceed $3,000– Private cause of action
• Actual damages of $5,000 – whichever is greater• Court costs• Attorney fees
– Same knowingly standard as above
![Page 48: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/48.jpg)
Personal Information Protection ActPersonal Information Protection Act
• Questions?
![Page 49: A Summary of CS for House Bill 65 (Jud) – A Presentation to the HCCA Alaska Local Annual Conference](https://reader035.vdocument.in/reader035/viewer/2022070423/568167f4550346895ddd6a01/html5/thumbnails/49.jpg)
Personal Information Protection ActPersonal Information Protection Act