South Dakota passed a bill establishing disclosure requirements in the event of a security breach. Under the bill, an “information holder” must disclose a security breach to all South Dakota residents whose personal or protected information was (or is reasonably believed to have been) acquired by an unauthorized person. However, an information holder is not required to disclose a security breach if, following an appropriate investigation and notice to the attorney general, the information holder reasonably determines that the security breach will not likely result in harm to any South Dakota residents. The bill also requires information holders to notify all consumer reporting agencies if the information holder is required to provide a security breach disclosure to any South Dakota residents. In addition, the bill requires information holders to notify the attorney general of a security breach if the security breach affects more than 250 South Dakota residents. The bill becomes effective June 24, 2018.
See South Dakota Legislature Website for the full text of the Statutes: http://sdlegislature.gov/docs/legsession/2018/Bills/SB62ENR.pdf
