The South Dakota Data Breach Notification Law Has Been Approved

April 5, 2018 James Keogh HIPAA News

All 48 U.S. states are already implementing a Breach Notification Law that requires individuals and companies storing personal information to send a notification letter to individuals when a data breach occurs. South Dakota is one of two states that have yet to introduce this legislation.  That status changed on March 21, 2018 when South Dakota attorney general Marty Jackley announced that Governor Daugaard has signed SB 6 and will be implemented on July 1, 2018.  South Dakota residents will now receive the same consumer protection as their neighboring states.

The new approved bill has the following fine points:

An entity that experiences a data breach must issue notifications to South Dakota residents whose personal information is compromised within 60 days of discovering the breach. The breach notification time frame required by this bill is the same as that of the HIPAA. Personal information as defined in the bill refers to the full name or first initial and full name of a state resident plus any of the following information:

  • a government ID number
  • driver’s license number
  • Social Security number
  • employment ID number (with authentication information)
  • credit/debit card number (with an associated code that permits card usage)
  • health information (as defined in HIPAA 45 CFR 160.103)

An entity must notify the state attorney general of any breach that impacts over 250 state residents within 60 days of discovering the breach. The South Dakota data breach notification law includes a risk of harm exception. In case a breached entity determines that the breach will unlikely harm the affected person, there’s no need to issue a notification. If breach notification is delayed, the entity could be fined up to $10,000 per day on top of state attorney’s fees.

Since South Dakota’s data breach notification law has been approved, the only state that hasn’t introduced a state-wide breach notification law is Alabama. However, it is expected that Alabama will follow soon as the same legislation – the Alabama Data Breach Notification Act of 2018 passed by the Alabama Senate – is under consideration by the House of Representatives.

About James Keogh 144 Articles
James Keogh has been writing about the healthcare sector in the United States for several years. With several years of covering healthcare topics, he has developed expertise in HIPAA-related issues, including compliance, patient privacy, and data breaches. His work is known for its thorough research and accuracy, making complex legal and medical information accessible . James's articles are valuable resources for healthcare professionals and have been featured in reputable publications. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681.
Twitter LinkedIn