22-40-20 Notice of breach of system security--Exception.
Notice of breach of system security--Exception.
Following the discovery by or
notification to an information holder of a breach of system security an information holder shall
disclose in accordance with § 22-40-22 the breach of system security to any resident of this state
whose personal or protected information was, or is reasonably believed to have been, acquired by
an unauthorized person. A disclosure under this section shall be made not later than sixty days from
the discovery or notification of the breach of system security, unless a longer period of time is
required due to the legitimate needs of law enforcement as provided under § 22-40-21. An
information holder is not required to make a disclosure under this section if, following an appropriate
investigation and notice to the attorney general, the information holder reasonably determines that
the breach will not likely result in harm to the affected person. The information holder shall
document the determination under this section in writing and maintain the documentation for not less
than three years.
Back to Chapter 22-40
Any information holder that experiences a breach of system security under this section shall
disclose to the attorney general by mail or electronic mail any breach of system security that exceeds
two hundred fifty residents of this state.
Source: SL 2018, ch 135, § 2.
Get Chapter 22-40