District of Columbia Code
Subchapter XIV - Confidentiality and Security of Information
§ 41–164.01. Definitions; applicability

(a) In this subchapter, "personal information" means:
(1) Information that identifies or reasonably can be used to identify an individual, such as first and last name in combination with the individual's:
(A) Social security number or other government-issued number or identifier;
(B) Date of birth;
(C) Home or physical address;
(D) Electronic-mail address or other online contact information or Internet provider address;
(E) Financial account number or credit or debit card number;
(F) Biometric data, health or medical data, or insurance information; or
(G) Passwords or other credentials that permit access to an online or other account;
(2) Personally identifiable financial or insurance information, including nonpublic personal information defined by applicable federal law; and
(3) Any combination of data that, if accessed, disclosed, modified, or destroyed without authorization of the owner of the data or if lost or misused, would require notice or reporting under §§ 28-3851 to 28-3864 and federal privacy and data security law, whether or not the Administrator or the Administrator's agent is subject to the law.
(b) A provision of this subchapter that applies to the Administrator or the Administrator's records applies to an Administrator's agent.
(Nov. 13, 2021, D.C. Law 24-45, § 7082, 68 DCR 010163.)