Data Privacy Regulations

Terms of Use

This summary of regulations is provided for information purposes only.
No action based on this summary alone should be undertaken.
Each individual or entity must obtain appropriate guidance for its specific circumstances.


Did You Know?


It's statutes may include:

  • Multiple factors determine breach reportability
  • Comprehensive provisions for notifications
  • Specific methods of notification delivery
  • Data owners OR Vendors are responsible for reporting and notifications
  • Bills approved in 2015 doubled the data elements that are considered personal data
  • Violations can result in civil action by the state attorney general
  • Other state laws, federal laws, industry regulations, and/or out-of-country laws may also apply

Who Me?


Wyoming breach and notification laws may apply if you are an individual or commercial entity that:

  • conducts business in this Wyoming and that owns or licenses computerized data that includes PII about a resident of Wyoming
  • maintains computerized data that includes PII on behalf of another business entity

There are usually exemptions.

What is PII?


PII is personally identifiable information.  PII relevant to a breach in Wyoming includes an individual’s name with one or more of the following:

  • Social security, driver license, identification, tribal identification, government issued, and individual taxpayer identification numbers;
  • Financial account numbers or credit/debit card numbers with security or access codes or passwords;
  • Shared secrets or security tokens;
  • User name or email address in combo with a password that permit access to the account;
  • Medical, health, or biometric information;
  • Birth or marriage certificate



A few of these laws include, but are not limited to:

  • Wyoming Statutes
    • Chapter 12 – Consumer Protection
    • Article 1 – In General
  • Wyoming Consumer Protection Act
    • § 40-12-101, and § 40-12-501 to 40-12-503



The state attorney general may bring an action in law or equity to address any violation and for other relief that may be appropriate to ensure proper compliance, recover damages, or both.



When considering reporting requirements, it would include, but not limited to:

  • The combination of personal information breached
  • If the data was computerized
  • If the data was encrypted or redacted
  • If it was acquired by an unauthorized person
  • If misuse of the data has occurred or is likely to occur
  • If the data will be used or is subject to further unauthorized disclosure


The notification may be delayed if a law enforcement agency advises in writing that it will seriously interfere with an investigation, otherwise the notification must be made as soon as possible.


Requires detailed information and potential provision of services

Disclosure may only be made by written notice or electronically with stipulations.

A substitute notice, with specific requirements, may be used if the person demonstrates that the cost of providing the notice, exceeds a determined amount of notices or they do not have sufficient contact information. There are different rules for businesses based in Wyoming and businesses not based in Wyoming.

Contact the Privacy Experts at CSR