Christin McMeley and Bryan Thompson write:
On April 13 North Dakota Governor Jack Dalrymple signed S. 2214 into law, which amended the state’s data breach statute in an attempt to expand the reach of the state’s notification requirements and the range of businesses subject to them. As the law is currently written, North Dakota’s data breach statute only applies to persons who conduct business in state. The amendment strikes this limiting language, attempting to make all persons – and all companies – who own or license computerized data containing “personal information” subject to the state’s breach notification requirements once S. 2214 goes into effect on August 1. S. 2214 will also require businesses that suffer a breach affecting more than 250 people to notify the state’s Attorney General by mail or email.
Read more on Davis Wright Tremaine Privacy & Security Law Blog.