As we wrote in March, Virginia continued the nationwide trend among state legislatures by amending its breach notification law. That revision became effective this week. Under the amended statute, employers are required to notify the Virginia Attorney General in the event that they discover a compromise to data containing a taxpayer identification number in combination with the income tax withheld for an individual. However, notification is necessary only if the unauthorized access or acquisition of the data will cause identity theft or fraud and the data was unencrypted.

TIP: Companies with nationwide breach notice plans should be sure to include a provision relating to the compromise of taxpayer information. In addition, companies should remain vigilant in protecting their employees’ tax information as W2 phishing attacks remain a significant threat.