Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection & Security
  • Third Party: Specific Obligations
  • Third Parties: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws:
- up to $25,000 per breach

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • Notifications may only be given by specific methods.
  • The law applies to any person or entity conducting business in the state who licenses or maintains personal information in the course of business.
  • If a vendor is breached, it reports the breach to the data owner. The data owner is responsible for completing the reporting and consumer notification, but the vendor is still required to cooperate.
  • If your breach affects residents of other states, you will need to notify those residents under each state’s rules.
Statutes and Laws
  • ID Code § 28-51-103 Payment Card Receipts
  • ID Code § 28-51-104 Identity Theft – Definitions
  • ID Code § 28-51-105 Disclosure of Breach of Security of Computerized Personal Information by an Agency, Individual or a Commercial Entity
  • ID Code § 28-51-106 Procedures deemed in compliance with security breach requirements
  • ID Code § 28-51-107 Violations
  • ID Code § 28-52 Credit Report Protection Act
  • ID Code § 28-52-108 Protection of personal information