Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Articles
    4. Data privacy legislation updates from Washington State and Washington, D.C.

      Articles

    Article

    Data privacy legislation updates from Washington State and Washington, D.C.

    March 25, 2019

    LinkedInX (Twitter)EmailCopy URL

    Karina Puttieva

    While there has not been any concrete movement on a federal data privacy law, there has been some progress on the state and local level.

    While there has not been any concrete movement on a federal data privacy law, there has been some progress on the state and local level.

    Washington State

    Washington State Senator Reuven Carlyle’s privacy bill, introduced back in mid-January, cleared the State Senate earlier this month and is under consideration in the House. The bill covers companies that control personal data of 100,000 or more Washington residents and also data brokers with information on at least 25,000 Washington state residents.

    Some of the obligations imposed on these covered entities echo the CCPA and the GDPR. For instance, companies much specify how they use their personal information and for what purposes. They must also comply with consumer requests to delete personal data, so long as requisite conditions are met (e.g., if a company can no longer identify a business reason for keeping that information). Finally, companies have to perform risk assessments of their data processing activities and take stock of any potential harm for consumers’ personal data.

    But, other obligations are unique: this bill expressly addresses facial recognition technology. In the bill’s current form, any company that uses facial recognition in a public space must give notice to visitors that the technology is in use. Moreover, companies that sell facial recognition software must make their software available for third-party testing to monitor bias. Finally, the bill expressly bars public agencies from tracking individuals using facial recognition without a warrant.

    Washington, D.C.

    Last week, Washington, D.C., Attorney General Karl A. Racine introduced an amendment to D.C.’s current data breach notification law. Racine’s bill expands the definition of personal information to include passport numbers, taxpayer identification numbers, military ID numbers, health information, biometric data, genetic information and DNA profiles and health insurance information. Further, data breach notices to consumers would now have to include (a) categories of information that were, or are believed to have been, involved in the breach; (b) contact information for both the person making the notification and for credit reporting agencies, the FTC and the D.C. Attorney General; and (c) the right under federal law to obtain a security freeze at no cost and how to obtain such a freeze. If the breach includes social security numbers, businesses must also offer two full years of free identity theft protection. Finally, in addition to the requirement to maintain “reasonable safeguards” to protect D.C. residents’ personal information, businesses would also have to contractually impose that obligation on any nonaffiliated third party with which businesses share that personal information.

    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved