North Carolina Amendments to Data Breach Law Finally Introduced

House Bill 904, the long anticipated amendments to the North Carolina Identity Theft Protection Act, N.C. Gen. Stat. § 75-61 et seq..

Highlights include the following:

• Requires businesses to implement reasonable security procedures and practices. Following the trend among states, the bill imposes an obligation on businesses that conduct business in North Carolina or own or license personal information of North Carolina residents to implement and maintain reasonable security procedures and practices to protect personal information from unauthorized access, destruction, use, modification or disclosure.
• Expands the definition of “personal information.” The bill sets forth an expanded definition of “personal information” to include any information regarding an individual’s medical history, condition, treatment, diagnosis, or genetic information by a health care professional, as well as health insurance information such as the individual’s policy number and other unique identifier used by a health insurer or payer to identify the individual.

Source: https://www.jdsupra.com/legalnews/north-carolina-amendments-to-data-14102/