North Dakota Breach Notification Law - Personal Information Includes Health Information

[Lee J <lee () riskbasedsecurity com>]

http://www.jdsupra.com/legalnews/north-dakota-breach-notification-law-p-64183/

North Dakota has amended its Notice of Security Breach for Personal
Information statute, North Dakota Century Code Section 51-30 et
seq.<http://www.legis.nd.gov/cencode/t51c30.pdf?20130929152020>,
to expand the definition of “personal information” to include “medical
information” and health insurance information.” Pursuant to the amended
statute, “medical information” includes any information regarding an
individual’s medical history, mental or physical condition, or medical
treatment or diagnosis by a health care professional. “Health Insurance
Information” is defined as an individual’s health insurance policy number
or subscriber identification number and any unique identifier used by a
health insurer to identify the individual. The amended statute also
includes a carve out for covered entities, business associates, or
subcontractors subject to breach notification obligations under
HIPAA/HITECH. The amended statute took effect on August 1, 2013.

Prior to the amendment, North Dakota was already a state with a breach
notification statute that defines personal information more broadly than an
individual’s first name or first initial and last name plus one of the
following data elements: Social Security number; driver’s license number or
state issued ID card number; an account, credit card number or debit card
number combined with security code, access code, PIN or password needed to
access an account. Also included in North Dakota’s data breach statute’s
definition of personal information are an individual’s date of birth,
mother’s maiden name, employee identification number, and electronic
signature.

_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 

Supporters:

# OWASP http://www.appsecusa.org
# Builders, Breakers and Defenders
# Time Square, NYC 20-21 Nov
o()xxxx[{::::::::::::::::::::::::::::::::::::::::>

Risk Based Security (http://www.riskbasedsecurity.com/)
Risk Based Security offers security intelligence, risk management services and customized security solutions. The 
YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk 
mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.