BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay
FINES & PENALTIES – Violations
Up to $5,000 per violation
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
North Dakota Privacy Law Information
“Personal information” means an individual’s first name or first initial and last name in combination with any of the following data elements, when the name and the data elements are not encrypted: social security number; driver’s license number; non-driver color photo identification card; financial account number, credit or debit card number in combination with required security code or password that would permit access to individual’s financial account; date of birth; maiden name; medical information; health insurance information; employer issued identification number with required security code or password; or digitized or electronic signature.
There are specific considerations when determining if a breach is reportable. If notification is required to more than 250 persons, the state Attorney General must be notified either by mail or email.
If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications.
North Dakota passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.
Organizations may be fined or penalized for Vendor violations. In addition to monetary civil penalties, the Attorney General may obtain injunctive relief through an action in a district court.
North Dakota Statutes and Laws
Protection of student data – school district policy
Health Information Protection
INUSRANCE DATA AND SECURITY
Restrictions on electronically printed credit card receipts – penalty
Notice of Security Breach for Personal Information
The information provided is not legal guidance or recommendations and are for informational purposes only.