Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

North Dakota
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay

FINES & PENALTIES – Violations
Up to $5,000 per violation

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

North Dakota Privacy Law Information

DEFINITION OF PERSONAL INFORMATION

“Personal information” means an individual’s first name or first initial and last name in combination with any of the following data elements, when the name and the data elements are not encrypted: social security number; driver’s license number; non-driver color photo identification card; financial account number, credit or debit card number in combination with required security code or password that would permit access to individual’s financial account; date of birth; maiden name; medical information; health insurance information; employer issued identification number with required security code or password; or digitized or electronic signature.

BREACH REPORTING

There are specific considerations when determining if a breach is reportable. If notification is required to more than 250 persons, the state Attorney General must be notified either by mail or email.

CONSUMER NOTIFICATION

If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications.

INDUSTRY SPECIFIC LAWS

North Dakota passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.

FINES & PENALTIES

Organizations may be fined or penalized for Vendor violations. In addition to monetary civil penalties, the Attorney General may obtain injunctive relief through an action in a district court.

North Dakota Statutes and Laws

N.D. CENT. CODE § 15.1-07-25.3

Protection of student data – school district policy

N.D. CENT. CODE § 23-01.3-01 – 23-01.3-09

Health Information Protection

N.D. CENT. CODE § 26.1-02.2

INUSRANCE DATA AND SECURITY

N.D. CENT. CODE § 51-07-27

Restrictions on electronically printed credit card receipts – penalty

N.D. CENT. CODE § 51-15-11

Civil penalties

N.D. CENT. CODE §§ 51-30-01 – 51-30-07

Notice of Security Breach for Personal Information

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.