PIERRE, S.D. – Attorney General Marty Jackley confirms the Attorney General sponsored bill that requires the reporting of data breaches of personal information to consumers and to the Attorney General has unanimously passed out of the Senate Judiciary Committee this morning.
“Data breaches such as those that have occurred with Equifax and Target have affected thousands of South Dakotans’ financial security and personal information. Today, the Senate Judiciary has taken an important step to protect consumers and to assist law enforcement in its investigation of major data breaches,” said Jackley.
Under the proposed legislation, upon discovery of a breach of a system security, the information holder must disclose the breach to any resident of South Dakota whose personal or protected information was acquired by an unauthorized person within 60 days of that discovery. Furthermore, if that breach of the security system exceeds 250 South Dakota residents, the Attorney General must also be informed within 60 days. The notice by the information holder may be by written notice, electronic notice, or substitute notice. A failure to comply with the notice requirement would be a Deceptive Act under existing South Dakota law (§37-24-6) for purposes of criminal and civil enforcement. The Attorney General may also bring an action to recover civil damages of not more than $10,000 per day per violation.