Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 48 hours (500+ notifications)
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach notification laws:
- up to $25,000

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • Consumers must be notified without unreasonable delay.
  • If notification by a business for more than 500 persons at one time is required, the consumer reporting agencies must be notified in 48 hours with specific information.
  • Internet service provider must take reasonable steps to maintain the security and privacy of a consumer’s personally identifiable information.
  • No person or entity conducting business in Minnesota accepting an access device in connection with a transaction shall retain the card security code data, the PIN verification code number, or the full contents of any track of magnetic stripe data, subsequent to the authorization of the transaction or in the case of a PIN debit transaction, subsequent to 48 hours after authorization of the transaction.
  • If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • MN § 325E.61 Data Warehouses; Notice Required for Certain Disclosures

    MN § 325E.64 Access Devices; Breach of Security

    MN § 325E.59 Use of Social Security Numbers

    MN § 325M.05 Security of Information

BAck to map