Senate Bill: 1374
Idaho Code: §28-51-104-107
Effective Date: July 1, 2006
Definition of Personal Information: An Idaho resident's first name or first initial and last name in combination with any one or more of the following data elements that relate to the resident, when either the name or the data elements are not encrypted:
(a) Social security number;
(b) Driver's license number or Idaho Identification Card number; or
(c) Account number, or credit or debit card number, in combination with any required security code, access code, or password that would permit access to a resident’s financial account.
Summary: An agency, individual or a commercial entity that conducts business in Idaho and that owns or licenses computerized data that includes personal information about a resident of Idaho shall, when it becomes aware of a breach of the security of the system, conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused. If the investigation determines that the misuse of information about an Idaho resident has occurred or is reasonably likely to occur; the agency, individual or the commercial entity shall give notice as soon as possible to the affected Idaho resident. Notice must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement and consistent with any measures necessary to determine the scope of the breach, to identify the individuals affected, and to restore the reasonable integrity of the computerized data system.
Visit the State Web site