On March 26, 2020, Washington, D.C. enacted a revised data breach notification law that includes an updated definition of personal identifiable information (PII) and additional notification requirements for businesses affected by a data breach.
The bill defines personal information as an individual’s name paired with any combination of data, including data such as passport numbers, military identification numbers, personal health information (PHI), biometric data, and genetic profiles.