North Dakota State Security Breach Laws 

Senate Bill: 2251

North Dakota Century Code: §§ 51-30-01 et seq.


Effective Date: June 1, 2005 

Definition of Personal Information: An individual’s first name or first initial and last name in combination with any of the following data elements, when the name and the data elements are not encrypted:

(a) The individual's social security number;
(b) The operator's license number assigned to an individual by the department of transportation;
(c) A non-driver color photo identification card number assigned to the individual by the department of transportation;
(d) The individual's financial institution account number, credit card number, or debit card number in combination with any required security code, access code, or password that would permit access to an individual's financial accounts;
(e) The individual's date of birth;
(f) The maiden name of the individual's mother;
(g) An identification number assigned to the individual by the individual's employer; or
(h) The individual's digitized or other electronic signature.

Summary: Any person that conducts business in this state, and that owns or licenses computerized data that includes personal information, shall disclose any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of the state whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The disclosure must be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement or any measures necessary to determine the scope of the breach and to restore the integrity of the data system.
 
Visit the state Web site