Security Breach Notice Law in the State of North Dakota

March 03, 2022 | 4 minutes read
Security Breach Notice Law in the State of North Dakota

N.D. Cent. Code § 51-30-01 is a security breach notification law that was passed in the U.S. state of North Dakota in 2005 that has been amended several times, most recently in 2015. N.D. Cent. Code § 51-30-01 was amended in 2015 for the purpose of providing residents of the state of North Dakota with an enhanced level of protection as it concerns the adverse consequences of a security breach. With this being said, the law sets forth the responsibilities that businesses entities have regarding said residents in instances where a security breach occurs. Furthermore, the law also sets forth the punishments that businesses within the state of North Dakota stand to face should they fail to comply with the provisions established in the law.

How is a security breach defined?

Under N.D. Cent. Code § 51-30-01, a security breach is defined as the “unauthorized acquisition of computerized data when access to PI has not been secured by encryption or by any other method or technology that renders the electronic files, media, or databases unreadable or unusable.” Alternatively, the “good-faith acquisition of PI by an employee or agent of the Entity is not a breach of the security of the system if the PI is not used or subject to further unauthorized disclosure.” Moreover, as it concerns the scope and applicability of the law, the provisions of the law apply to “any entity that conducts business in ND and that owns or licenses computerized data that includes PI.”

What are the security breach notification requirements?

N.D. Cent. Code § 51-30-01 mandates that business entities provide notification to North Dakota residents with notification in the event that a security breach takes place. These notifications must be provided to North Dakota residents in the most expedient manner possible, and provide said residents with details including the scope and severity of the breach, as well as the types of personal information that were disclosed during the breach, among other pertinent information. Additionally, business entities that experience a data breach are also required to provide notification to the North Dakota attorney general in instances where a security breach affects more than 250 residents within the state.

What types of personal information are legally protected?

Under N.D. Cent. Code § 51-30-01, the following types of personal information are legally protected should a security breach occur, in connection with a North Dakota resident’s first name or first initial and last name, in instances where these data elements have not been redacted, encrypted, or otherwise rendered inaccessible through another form of technology:

What are the penalties for violating N.D. Cent. Code § 51-30-01?

In terms of the enforcement of N.D. Cent. Code § 51-30-01, the provisions established in the law are enforceable by the North Dakota attorney general. To this point, the North Dakota attorney general has the authority to impose a multitude of penalties and sanctions against businesses within the state that are found to be in violation of the law. Such punishments include civil damages of up to $5,000 for each offense, and temporary or permanent injunction, as well as reasonable attorney fees, expenses, and costs that may be incurred during the course of a legal investigation. The North Dakota attorney general may also impose further punishments at their own discretion.

Through the enactment of N.D. Cent. Code § 51-30-01, residents of the state of North Dakota were provided with the legal means to mitigate the adverse effects that can result from being involved in a security breach. As the law protects a wide range of personal information, including common forms of information such as financial account numbers to less common forms of information such as an employee identification number, residents of the state can also ensure that their personal information is being safeguarded at every level of society. To this end, N.D. Cent. Code § 51-30-01 ensures that personal information concerning North Dakota residents cannot be disclosed improperly without legal repercussions.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »