Before accepting digital electronic products for repair, authorized repair providers and independent repair providers shall provide to customers a written or electronic notice that contains the following information:
- (1) The steps taken by the authorized repair provider or the independent repair provider to ensure the privacy and security of products entrusted for repair or a statement that no such steps have been taken;
(2) Recommended steps for the customer to take to safeguard product data, including:
(a) If appropriate, backing up data prior to repair and either:
- (i) Factory resetting the product; or
- (ii) Wiping backed-up data from the product;
- (b) Sharing only the passwords or access to functions necessary for the relevant repairs and changing those passwords to a temporary password prior to sharing; and
- (c) Logging out of applications or websites that contain sensitive data or that otherwise pose a security risk, such as electronic mail, banking, and social media accounts;
(3)
(a) A statement about the customer's legal right to privacy, which is protected under Article I, section 7 of the state Constitution and under Washington law, which protects against:
- (i) Washington cybercrimes under chapter 9A.90 RCW, including electronic data theft, electronic data tampering, spoofing, and computer trespass;
- (ii) The disclosing of intimate images under RCW 9A.86.010;
- (iii) The criminal impersonation of another under RCW 9A.60.040; and
- (iv) Identity crimes under chapter 9.35 RCW.
- (b) Violations of privacy may be referred to law enforcement for criminal prosecution, and violators may be liable for damages, including mental pain and suffering, that a violation of privacy may have caused to a customer's business, person, or reputation; and
- (4) For independent repair providers, whether the repair provider uses any replacement parts that are used or provided by a supplier other than the original manufacturer of the digital electronic product.
[ 2025 c 353 s 4.]