Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Written Program for Protection & Security
  • Third Party: Specific Obligations
  • Third Parties: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws
up to $10,000 and any liability

Regulation Levels
  • Breach Reporting
  • Consumer Notification
  • Third Party Management
  • Privacy Programs
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • At the same time as consumer notification, reporting must be made to the Attorney General’s consumer protection office.
  • A civil action may be brought in district court.
  • Notifying the Commissioner of Insurance is required in some cases involving insurance related breaches.
  • If vendor is breached, they must report it to the data owner.  The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • Mont. Code Ann. §§ 30-14-1701–30-14-1705  Impediment of Identity Theft – Record Destruction and Security Breach (2005)

    Mont. Code Ann. §§ 30-14-1721, 30-14-1722  Impediment of Identity Theft – Credit Cards (2005)

    Mont. Code Ann. §§ 30-14-111, 30-14-112, 30-14-142  Enforcement, Penalties

    Mont. Code Ann., Title 33, Chapter 19  Insurance Information and Privacy Protection

BAck to map