Hourly Update

House OKs bill to curb identity theft

PHOENIX - Taking a step to curb identity theft, the House on Monday unanimously approved a bill to require companies to notify Arizonans if a security breach of unencrypted computerized data puts sensitive personal information at risk. The Senate previously passed the bill (SB1338) but it now returns to that chamber for consideration of changes made by the House. Passage would sent it to Gov. Janet Napolitano. Identify theft is a concern for state lawmakers because the Federal Trade Commission says Arizona is the state with the highest per-capita rate of identity theft complaints by consumers. Phoenix has that status among U.S. metropolitan areas. The security breach issue drew attention in Arizona last year when a hacker penetrated a credit card processor in Tucson, exposing millions of cardholders to possible fraud. Separately, a theft at a managed care company in Phoenix exposed the personal information of thousands of insurance customers and health care providers. A legislative staff memo said security breaches can take many forms, including lost or misplaced disks or backup tapes, stolen laptops or computers, hacked data or compromised passwords. The bill covers unencrypted computerized personal data, including Social Security numbers and numbers for driver licenses, credit cards and financial accounts. The notification would have to include a description of the breach and of steps taken in response. Notifications can be delayed if a law enforcement agency decides that notification would impede criminal proceedings. The bill's proposed requirements could be enforced only by the state Attorney General's Office. Violations would be subject to civil proceedings leading to compensation for damages incurred and a civil penalty of up to $10,000 per breach.