Minnesota
| Breach Notification | |
|---|---|
| CITATION | Minn. Stat. §§ 325E.61 and 325E.64 |
| ENACTED | 2005 |
| SUMMARY | Any person or business that conducts business in Minnesota, and that owns or licenses data that includes personal information, must disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of Minnesota whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or with any measures necessary to determine the scope of the breach, identify the individuals affected, and restore the reasonable integrity of the data system. |
| DATA COVERED |
The law covers ‘Personal Information’ which is defined as the first name or initial and surname combined with one or more of the following:
|
| INDUSTRY |
Any person or business that conducts business in this state, and that owns or licenses data that includes personal information. §325E.64 regulates financial institutions and entities that use credit cards. |
| PENALTIES |
Enforced by Attorney General. A financial institution that sustains losses due to a breach of the security is entitled to recover the damages from the entity that violates the statute. |
