Mandated Timeframe for Breach Reporting and/or Consumer Notification
Without unreasonable delay
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of breach and notification laws up to $2,500 for each violation
Third Party Management
None to minimal
Hawaii’s security breach laws cover computerized and paper records or data containing personal information.
There are specific defined requirements for notification.
When 1,000 or more consumers are notified, reporting is required to the State of Hawaii’s Office of Consumer Protection and all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.
In addition to monetary penalties for violations of security breach notification and reporting, the Attorney General or the Executive Director of the Office of Consumer Protection may bring an action, and a business in violation may be liable for actual damages suffered by a consumer.
Similar monetary penalties can be awarded and actions brought for violations of laws involving protection of personal information and destruction of records.
Law states the reasonable measures required to protect against unauthorized access to or use of the personal information in connection with or after its disposal (paper and electronic).
If vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
Haw. Rev. Stat. § 487D Retail Merchant Club Cards (2004)
Haw. Rev. Stat. § 487J Personal information protection requirements (2006)
Haw. Rev. Stat. § 487N Security Breach of Personal Information (2006)
Haw. Rev. Stat. § 487R Destruction of Personal Information Records (2006)
Haw. Rev. Stat. §323B Health Care Privacy Information Records
H.A.R. § 8-34 Protection of Education Rights and Privacy of Students and Parents (1984)