HR Alert

Virginia: New Data Breach Notification Requirement for Employers and Payroll Service Providers

Law Concerns Breach of State Income Tax Data

A new law in Virginia, effective July 1, 2017, creates a new notification requirement for employers and payroll service providers in the event of a data breach related to certain state income tax data.

Existing state law requires that an individual or entity that owns, maintains, or possesses personal information of Virginia residents, and who has a reasonable belief that such personal information was accessed or acquired by an unauthorized individual or entity, must report the unauthorized breach to the Office of the Virginia Attorney General, and also must provide notification to each affected Virginia resident.

Click here for more information, including the specific notification requirements.

New Notification Requirement
Any employer or payroll service provider that owns or licenses computerized data relating to income tax withheld under state law must notify the Office of the Attorney General (without unreasonable delay) after the discovery or notification of unauthorized access and acquisition of unencrypted and un-redacted computerized data containing a taxpayer identification number (in combination with the income tax withheld for that taxpayer) that:

  • Compromises the confidentiality of such data; and
  • Creates a reasonable belief that an unencrypted and un-redacted version of such information was accessed and acquired by an unauthorized person; and
  • Causes (or the employer or payroll provider reasonably believes has caused or will cause) identity theft or other fraud.

Note: With respect to employers, this provision regarding income tax data applies only to information regarding the employer's employees, and does not apply to information regarding the employer's customers or other non-employees. However, as described above, employers may have reporting obligations regarding the breach of certain personal information.

Affected employers or payroll service providers must provide the Office of the Attorney General with the name and federal employer identification number of the employer (as defined in the state tax code) that may be affected by the compromise in confidentiality.

Click here to read the text of the law.

Login to HRSPI Client Portal
Forgotten PasswordForgot Password
Executive Search Executive Search

Harrassment Prevention

HRSPI offers comprehensive, interactive, AB1825-Compliant training. Programs include introduction to recent anti-bullying legislation.

Latest News

News Archives

Latest Blog

Blog Archives