BreachExchange mailing list archives
North Dakota Breach Notification Law - Personal Information Includes Health Information
From: Lee J <lee () riskbasedsecurity com>
Date: Tue, 1 Oct 2013 13:24:53 +1000
http://www.jdsupra.com/legalnews/north-dakota-breach-notification-law-p-64183/ North Dakota has amended its Notice of Security Breach for Personal Information statute, North Dakota Century Code Section 51-30 et seq.<http://www.legis.nd.gov/cencode/t51c30.pdf?20130929152020>, to expand the definition of “personal information” to include “medical information” and health insurance information.” Pursuant to the amended statute, “medical information” includes any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional. “Health Insurance Information” is defined as an individual’s health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual. The amended statute also includes a carve out for covered entities, business associates, or subcontractors subject to breach notification obligations under HIPAA/HITECH. The amended statute took effect on August 1, 2013. Prior to the amendment, North Dakota was already a state with a breach notification statute that defines personal information more broadly than an individual’s first name or first initial and last name plus one of the following data elements: Social Security number; driver’s license number or state issued ID card number; an account, credit card number or debit card number combined with security code, access code, PIN or password needed to access an account. Also included in North Dakota’s data breach statute’s definition of personal information are an individual’s date of birth, mother’s maiden name, employee identification number, and electronic signature.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- North Dakota Breach Notification Law - Personal Information Includes Health Information Lee J (Oct 09)