On March 21, 2018, South Dakota Governor Dennis Daugaard signed legislation (S.B. 62) creating a breach notification requirement for businesses in the state that own or license computerized personal or protected information of residents. Businesses must provide notice to the impacted residents whose information was acquired by an unauthorized person within 60 days of the breach’s discovery. Businesses must also disclose the breach to the South Dakota Attorney General, via mail or email, if the breach affects more than 250 residents. The law includes necessary definitions for compliance and penalties for failure to comply.
The law is effective July 1, 2018.
Read SD S.B. 62