Mandated Timeframe
Without unreasnable delay
Violations
Up to $2,500 per violation
![]() |
![]() |
---|---|
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
---|
Breach Reporting Requirements
Consumer Notification Requirements
Vendor Notification of Breach
Vendor Specific Obligations
Vendor Mandated Contracts
Protection/Security
Employee Training
Vendor Protection/Security Program
Personal Information Protection
Data Disposal of Personal Information
Mandated Timeframe
Without unreasnable delay
Violations
Up to $2,500 per violation
![]() Reporting |
![]() Notifications |
---|---|
![]() Management |
![]() Contract Required |
![]() |
![]() |
![]() |
![]() |
---|
Breach Reporting Requirements
Consumer Notification Requirements
Vendor Notification of Breach
Vendor Specific Obligations
Vendor Mandated Contracts
Protection/Security
Employee Training
Vendor Protection/Security Program
Personal Information Protection
Data Disposal of Personal Information
Mandated Timeframe
Without unreasonable delay
Violations
Up to $2,500 per violationy
![]() Reporting |
![]() Notifications |
---|---|
![]() Management |
![]() Contract Required |
![]() |
![]() |
![]() |
![]() |
---|
Breach Reporting Requirements
Consumer Notification Requirements
Vendor Notification of Breach
Vendor Specific Obligations
Vendor Mandated Contracts
Protection/Security
Employee Training
Vendor Protection/Security Program
Personal Information Protection
Data Disposal of Personal Information
Hawaii’s security breach law applies to personal information in any format (whether computerized, paper or otherwise).
Organizations conducting business in HI must take reasonable measures to protect against unauthorized access to or use of personal information in connection with or after its disposal. Organizations contracting with a data disposal Vendor must monitor and exercise due diligence ensuring the required policies and procedures are in place for the destruction of records, review an independent audit, obtain reliable professional references, require trade association certification.
When 1,000 or more consumers are notified, reporting is required to the State of Hawaii’s Office of Consumer Protection and all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.
There are specifically defined requirements for consumer notification. If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors in the business of destroying records must have policies and procedures in place for the destruction of records containing personal information so the records are unreadable or undecipherable. Vendors in the business of destroying records must have policies and procedures in place for the protection of personal information during and after collection, transportation, and destruction.
Hawaii passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.
In addition to the monetary penalties for violations of security breach notification and reporting, the Attorney General or the Executive Director of the Office of Consumer Protection may bring an action, and a business in violation may be liable for actual damages suffered by a consumer. Organizations may be fined or penalized for Vendor violations. Organizations may be subject to penalties up to $2,500 for each violation.
Hawaii
Cookie | Duration | Description |
---|---|---|
cookielawinfo-checbox-analytics | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics". |
cookielawinfo-checbox-functional | 11 months | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checbox-others | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other. |
cookielawinfo-checkbox-necessary | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary". |
cookielawinfo-checkbox-performance | 11 months | This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance". |
viewed_cookie_policy | 11 months | The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data. |