North Dakota
| Notice of Security Breach for Personal Information | |
|---|---|
| CITATION | N.D. Cent. Code § 51-30-01 et seq. |
| ENACTED | 2005 |
| SUMMARY | The laws require that if an individual or a commercial entity that conducts business in North Dakota and that owns or licenses computerized data that includes personal information about a resident of North Dakota becomes aware of a breach of the security of their computer system, the business or entity must conduct a prompt investigation to determine if personal information has been compromised and assess the risk of misuse. The law also requires the individual or the commercial entity provide notice as soon as possible to the affected North Dakota resident unless the investigation determines that the misuse of information about a North Dakota resident has not occurred and is not reasonably likely to occur. The laws require notice to be made in good faith, in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and with any measures necessary to determine the scope of the breach and to restore the reasonable integrity of the computerized data system. |
| DATA COVERED |
The law covers ‘Personal Information’ which means an individual’s first name or first initial and last name in combination with any of the following data elements, when the name and the date elements are not encrypted.
|
| INDUSTRY | Any person that conducts business in North Dakota and owns or licenses computerized data that includes Personal Information or maintains such computerized data. |
| PENALTIES | The Attorney General may enforce the law. The court can impose civil penalties of not more than five thousand dollars ($5,000) for each violation. The Court may also award the Attorney General recovery of costs. |
