small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

North Dakota and Nevada Latest to Amend Breach Notice Laws

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

North Dakota and Nevada Latest to Amend Breach Notice Laws

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Related Locations

Chicago

Related Topics

Workplace Privacy
Data Breach
Consumer Privacy

Related Capabilities

Privacy & Data Security

Related Regions

North America

May 26, 2015

North Dakota recently amended its data breach notification law to require any person or entity – and not just those who conduct business in the state, as previously drafted – to disclose a security breach to affected North Dakota residents. Most notably, though, the amendment also adds a state attorney general notification requirement if the breach affects more than 250 individuals. The amendment also narrows a category of “personal information” that would trigger a notification obligation; under the amended law, employee identification numbers will qualify as triggering “personal information” only when they are “in combination with any required security code, access code, or password[.]” The amendment is effective August 1, 2015.

In addition, effective July 1, 2015, Nevada’s data breach notification law has been amended to add to the definition of triggering personal information 1) a medical or health insurance identification number; and 2) a user name, unique identifier, or e-mail address in combination with a password or code that would permit access to an online account.

TIP: Following similar amendments recently passed in Washington and Montana, North Dakota becomes the most recent state to require notification to state authorities in the event of a breach, continuing the trend of states’ increased involvement in the data security of their residents. 

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising