Amended Security Breach Law in the State of Wyoming

Amended Security Breach Law in the State of Wyoming

Wyo. Stat. § 40-12-50 is a data breach notification law that was initially passed in the U.S. state of Wyoming in 2007 and later amended in 2015. In accordance with other data breach notification laws around the country that have been amended in recent years, Wyo. Stat. § 40-12-50 was updated for the purposes of providing residents of the state with an enhanced level of legal protection in instances where data breaches take place, by effectively expanding the categories of personal information that are covered under the law. With this being said, Wyo. Stat. § 40-12-50 places various requirements on businesses within Wyoming as it concerns the handling of data breach incidents.

How is a data breach defined under Wyo. Stat. § 40-12-50?

Under Wyo. Stat. § 40-12-50, a data breach is defined as the “unauthorized acquisition of computerized data that materially compromises the security, confidentiality or integrity of PI maintained by an Entity and causes or is reasonably believed to cause loss or injury to a resident of WY.” Conversely the “good-faith acquisition of PI by an employee or agent of an Entity for the purposes of the Entity is not a breach of the security of the data system, provided that the PI is not used or subject to further unauthorized disclosure.” Additionally, as it relates to the scope and application of the law, the provisions of Wyo. Stat. § 40-12-50 apply to any “individual or commercial entity (collectively, Entity) that conducts business in WY and that owns or licenses computerized data that includes PI about a resident of WY.”

What are the data breach requirements under Wyo. Stat. § 40-12-50?

Under Wyo. Stat. § 40-12-50, a business entity that experiences a data breach is responsible for providing notice to all affected individuals, in the most expedient manner possible and without unreasonable. Moreover, these notifications must provide residents of Wyoming with the following information:

What types of personal information are legally protected under Wyo. Stat. § 40-12-50?

Under the provisions set forth in Wyo. Stat. § 40-12-50, the following types of personal information are legally protected should a data breach take place, in combination with a Wyoming resident’s first name or first initial and last name, permitting these data elements have not been redacted:

What are the penalties for violating Wyo. Stat. § 40-12-50?

In terms of the enforcement of the law, the provisions established in Wyo. Stat. § 40-12-50 are enforceable by the Wyoming attorney general. Subsequently, the Wyoming attorney has the legal authority to impose punishments against individuals, businesses, and organizations within the state that fail to respect the rights of citizens within the state as it pertains to the handling of data breach incidents. Such punishments include monetary fines and civil liability, and the Wyoming attorney general also retains the right to impose further penalties at their own discretion, in accordance with other relevant legislation within the state.

While every data breach notification law within the U.S. will protect some form of personal information in the event that a data breach occurs, the scope of these protections can vary from state to state. While there are many states around the U.S. that cover a wide range of data in instances where a data breach takes place, the level of information that is protected under Wyo. Stat. § 40-12-50 is particularly far-reaching, as everything from birth certificates to biometric identification is covered under the law. To this point, residents of the state can truly rest assured that they will be able to protect themselves and their identities should personal information relating to them become compromised during or as a result of a data breach.

Related Reads