Hawaii Privacy Laws

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $2,500 per violation

REGULATION LEVELS

Categories: Breach Reporting, Consumer Notifications, Vendor Management, Vendor Contract Required
Level description: Minimal, Basic, Comprehensive, Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Quick Facts

Hawaii Privacy Law Information

  • Definition of Personal Information

    Hawaii’s security breach law applies to personal information in any format (whether computerized, paper or otherwise).

  • Privacy Program

    Organizations conducting business in HI must take reasonable measures to protect against unauthorized access to or use of personal information in connection with or after its disposal. Organizations contracting with a data disposal vendor must monitor the vendor and exercise due diligence: ensure the required policies and procedures are in place for the destruction of records, review an independent audit, obtain reliable professional references, and require trade association certification.

  • Breach Reporting

    When 1,000 or more consumers are notified, reporting is required to the State of Hawaii’s Office of Consumer Protection and all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.

  • Consumer Notification

    There are specifically defined requirements for consumer notification. If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

  • Vendor/Third Parties

    Vendors in the business of destroying records must have policies and procedures in place for the destruction of records containing personal information so the records are unreadable or undecipherable. Vendors in the business of destroying records must have policies and procedures in place for the protection of personal information during and after collection, transportation, and destruction.

  • Industry Specific Laws

    Hawaii passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.

  • Fines & Penalties

    In addition to the monetary penalties for violations of security breach notification and reporting, the Attorney General or the Executive Director of the Office of Consumer Protection may bring an action, and a business in violation may be liable for actual damages suffered by a consumer. Organizations may be fined or penalized for Vendor violations. Organizations may be subject to penalties up to $2,500 for each violation.

Hawaii

Statutes and Laws

H.A.R. § 16-54

Personal records

H.A.R. § 8-34

Protection of education rights and privacy of students and parents

HAW. REV. STAT. § 431

Insurance data security law

HAW. REV. STAT. § 323B

Health care privacy harmonization act

HAW. REV. STAT. § 487D

Retail merchant club cards

HAW. REV. STAT. § 487J

Personal information protection requirements

HAW. REV. STAT. § 487N

Security breach of personal information

HAW. REV. STAT. § 487R

Destruction of personal information records