Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection & Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Required Disposal of Retained Personal Information
  • Require Vendors to Protect Personal Information
  • Verification of Vendor Protection/Security Program
  • Vendor Notification to Organization of Breach/Suspected Breach
Fines & Penalties

Violations of breach notification laws:

  • Up to $25,000 per breach

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Vendor Contract Required
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • There are specific considerations when determining if a breach is reportable.
  • Notifications may only be given by specific methods.
  • The breach notification law applies to any person or entity conducting business in the state who licenses or maintains personal information in the course of business.
  • Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications.
  • Vendors must cooperate with Organizations by providing all necessary information about a breach.
  • If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
  • Organizations may be fined or penalized for Vendor violations.
  • The Attorney General may bring a civil action for violations of and to enforce compliance with security breach requirements.
Statutes and Laws
  • ID Code § 28-51-103 Payment Card Receipts
  • ID Code § 28-51-104 Identity Theft – Definitions
  • ID Code § 28-51-105 Disclosure of Breach of Security of Computerized Personal Information by an Agency, Individual or a Commercial Entity
  • ID Code § 28-51-106 Procedures Deemed in Compliance With Security Breach Requirements
  • ID Code § 28-51-107 Violations
  • ID Code § 28-52 Credit Report Protection Act
  • ID Code § 28-52-108 Protection of personal information
