Mandatory Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of Breach and Notification Laws:
- Attorney General may bring an action

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • Upon becoming aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal identifying information has been or will be misused.
  • Notifications may only be given by specific methods. In addition, Wyoming has a separate substitute notice allowances based on businesses operating in-state or out-of-state.
  • If a vendor is breached, they must report it to the data owner. Unlike other states, Wyoming allows the data owner and the vendor to decide who will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using those states’ rules.
Statutes and Laws
  • Wyo. Stat. § 40-12-501 Definitions
  • Wyo. Stat. § 40-12-502 Computer security breach; notice to affected persons
  • Wyo. Stat. §§ 40-12-101 et seq. Wyoming Consumer Protection Act
BAck to map