Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws up to $2,500 for each violation

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Hawaii’s security breach laws cover computerized and paper records or data containing personal information.
  • There are specific defined requirements for notification.
  • When 1,000 or more consumers are notified, reporting is required to the State of Hawaii’s Office of Consumer Protection and all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.
  • In addition to monetary penalties for violations of security breach notification and reporting, the Attorney General or the Executive Director of the Office of Consumer Protection may bring an action, and a business in violation may be liable for actual damages suffered by a consumer.
  • Similar monetary penalties can be awarded and actions brought for violations of laws involving protection of personal information and destruction of records.
  • Law states the reasonable measures required to protect against unauthorized access to or use of the personal information in connection with or after its disposal (paper and electronic).
  • If vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • Haw. Rev. Stat. § 487D Retail Merchant Club Cards (2004)
  • Haw. Rev. Stat. § 487J Personal information protection requirements (2006)
  • Haw. Rev. Stat. § 487N Security Breach of Personal Information (2006)
  • Haw. Rev. Stat. § 487R Destruction of Personal Information Records (2006)
  • Haw. Rev. Stat. §323B Health Care Privacy Information Records
  • H.A.R. § 8-34 Protection of Education Rights and Privacy of Students and Parents (1984)
  • H.A.R. §16-54 Personal Records (1986)
BAck to map