North Dakota Privacy Laws

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $5,000 per violation

REGULATION LEVELS

Breach Reporting Consumer Notifications
Vendor Management Vendor Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $5,000 per violation

REGULATION LEVELS

Breach
Reporting
Consumer
Notifications
Vendor
Management
Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Breach Notification

Mandated Timeframe

Without unreasonable delay

Fines & Penalties

Violations

Up to $5,000 per violation

REGULATION LEVELS

Breach
Reporting
Consumer
Notifications
Vendor
Management
Vendor
Contract Required
LEVEL DESCRIPTION
Minimal Basic Comprehensive Extensive
LAWS RELATED TO PERSONAL INFORMATION
Regulated Breach Reporting

Breach Reporting Requirements

Consumer Notification Requirements

Vendor Notification of Breach

Vendor Requirements

Vendor Specific Obligations

Vendor Mandated Contracts

Privacy Program Requirements

Protection/Security

Employee Training

Vendor Protection/Security Program

Personal Information Protection

Data Disposal of Personal Information

Quick Facts

North Dakota Privacy Law Information

  • Definition of Personal Information

    “Personal information” means an individual’s first name or first initial and last name in combination with any of the following data elements, when the name and the data elements are not encrypted: social security number; driver’s license number; non-driver color photo identification card; financial account number, credit or debit card number in combination with required security code or password that would permit access to individual’s financial account; date of birth; maiden name; medical information; health insurance information; employer issued identification number with required security code or password; or digitized or electronic signature.

  • Breach Reporting

    There are specific considerations when determining if a breach is reportable. If notification is required to more than 250 persons, the state Attorney General must be notified either by mail or email.

  • Consumer Notification

    If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

  • Vendor/Third Parties

    Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications.

  • Industry Specific Laws

    North Dakota passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to data breaches. Effective July 1, 2021, licensees must comply with the breach notification requirements, including Commissioner notification within 3 business days.

  • Fines & Penalties

    Organizations may be fined or penalized for Vendor violations. In addition to monetary civil penalties, the Attorney General may obtain injunctive relief through an action in a district court.

North Dakota

Statutes and Laws

N.D. CENT. CODE § 15.1-07-25.3

Protection of student data – school district policy

N.D. CENT. CODE § 23-01.3-01 – 23-01.3-09

Health Information Protection

N.D. CENT. CODE § 51-07-27

Restrictions on electronically printed credit card receipts – penalty

N.D. CENT. CODE § 51-15-11

Civil penalties

N.D. CENT. CODE §§ 51-30-01 – 51-30-07

Notice of Security Breach for Personal Information

N.D. CENT. CODE §26.1-02.2

INUSRANCE DATA AND SECURITY