Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...
South Dakota’s Senate Judiciary Committee Jan. 23 voted 7-0 to bring the state one step closer to enacting its first data breach notification law.
The bill ( S.B. 62) would require an information holder, upon discovery of a data breach of unencrypted computerized data, to disclose the incident to impacted consumers within 60 days. Most of the 48 states with a breach notice law set a more general deadline for companies to report breaches within a reasonable time after discovery. But 12 states set in their laws a specific time limit for providing notice. Florida, at 30 days, has the shortest time limit to notify affected individuals.
The bill includes Social Security numbers, financial and payment card data, and health information as protected data.
The measure would require companies to notify the state attorney general if a breach affects more than 250 state residents. The attorney general could bring a civil action against companies for failure to comply with the measure, seeking up to $10,000 per day per violation.
Massive data breaches involving Equifax Inc. and Target Corp. motivated the push for the legislation.
“Data breaches such as those that have occurred with Equifax and Target have affected thousands of South Dakotans’ financial security and personal information,” state Attorney General Marty Jackley (R) said in a statement. The bill is “an important step to protect consumers and to assist law enforcement in its investigation of major data breaches,” he said.
South Dakota is one of two states, the other being Alabama, that doesn’t have a data breach notification statute. Legislation to supersede state statutes with a single federal standard has been floated in Congress since 2003 but has never passed.
Alabama Attorney General Steve Marshall (R) is optimistic that Alabama will enact a breach notice statute this year, his communications director, Mike Lewis, told Bloomberg Law Jan. 23.
Before sending the bill to the full Senate, the committee amended the bill to add a risk of harm threshold for when a company must notify individuals of a breach. Business groups, including the South Dakota Retailers Association and the South Dakota Bankers Association, had called for the change.
If after an investigation and notice to the attorney general, a company “reasonably determines that the breach will not likely result in harm to the affected person,” then no notice is required.
Sen. Stace Nelson (R) told the committee that he would like to see the Senate take a second look at the provision requiring notification of the attorney general for any breach affecting at least 250 residents. “My concern is that that’s too large a number,” he said. “I’d like to see us whittle that number down.”
Jackley told the committee that he would consider amendments lowering the 250-resident threshold to be “friendly amendments”—that is, proposed changes to the bill that wouldn’t draw opposition.
With assistance from Daniel R. Stoller in Washington
To contact the reporter on this story: Christopher Brown in St. Louis at ChrisBrown@bloomberglaw.com
To contact the editor responsible for this story: Donald Aplin at firstname.lastname@example.org
Copyright © 2018 The Bureau of National Affairs, Inc. All Rights Reserved.
All Bloomberg BNA treatises are available on standing order, which ensures you will always receive the most current edition of the book or supplement of the title you have ordered from Bloomberg BNA’s book division. As soon as a new supplement or edition is published (usually annually) for a title you’ve previously purchased and requested to be placed on standing order, we’ll ship it to you to review for 30 days without any obligation. During this period, you can either (a) honor the invoice and receive a 5% discount (in addition to any other discounts you may qualify for) off the then-current price of the update, plus shipping and handling or (b) return the book(s), in which case, your invoice will be cancelled upon receipt of the book(s). Call us for a prepaid UPS label for your return. It’s as simple and easy as that. Most importantly, standing orders mean you will never have to worry about the timeliness of the information you’re relying on. And, you may discontinue standing orders at any time by contacting us at 1.800.960.1220 or by sending an email to email@example.com.
Put me on standing order at a 5% discount off list price of all future updates, in addition to any other discounts I may quality for. (Returnable within 30 days.)
Notify me when updates are available (No standing order will be created).
This Bloomberg BNA report is available on standing order, which ensures you will all receive the latest edition. This report is updated annually and we will send you the latest edition once it has been published. By signing up for standing order you will never have to worry about the timeliness of the information you need. And, you may discontinue standing orders at any time by contacting us at 1.800.372.1033, option 5, or by sending us an email to firstname.lastname@example.org.
Put me on standing order
Notify me when new releases are available (no standing order will be created)