ADVERTISEMENT

ADVERTISEMENT

Data breach proposal gets Senate's approval

PIERRE -- The data breach piece of the state attorney general's legislative package cleared the South Dakota Senate Thursday. The vote was 30-2. SB 62 now goes to the House of Representatives for action. The proposal from Attorney General Marty J...

PIERRE - The data breach piece of the state attorney general's legislative package cleared the South Dakota Senate Thursday.

The vote was 30-2.

SB 62 now goes to the House of Representatives for action.

The proposal from Attorney General Marty Jackley is intended to address situations that have been in the news with increasing frequency.

Jackley and U.S. Rep. Kristi Noem are competing for the Republican nomination for governor that will be decided in the June primary.

ADVERTISEMENT

Gov. Dennis Daugaard, a Republican, can't seek a third consecutive term.

Jackley's measure needed another tweak Thursday to satisfy some of South Dakota's health care providers.

His office agreed to the change.

"They like the amendment and would welcome it as such," Sen. Lance Russell, R-Hot Springs, said.

Sen. Alan Solano, R-Rapid City, explained the amendment would allow providers to comply with federal law if a breach happened.

Sen. Jeff Partridge, R-Rapid City, asked about the potential effect on small businesses, such as "mom and pop" tourism shops.

Russell acknowledged there would be an impact. "As well it should," Russell said.

The legislation is complicated and isn't easy to explain.

ADVERTISEMENT

For example, an information holder who becomes aware of a data breach shall disclose it to any resident of South Dakota whose personal or protected information was actually or believed to be acquired by an unauthorized person.

The information holder would have 60 days unless a longer period was needed by law enforcement. The information holder would be required to notify the attorney general by mail or electronic message any breach that exceeds 250 residents of the state.

But the information holder wouldn't be required to make a disclosure to the residents if it's "reasonably determined" that the breach "will not likely result in harm to the affected person."

The legislation further states the information holder "shall document the determination under this section in writing and maintain the documentation for not less than three years."

The potential fine is $10,000 per day.

The legislation includes a menu of ways the residents can be contacted. They include written notice, electronic notice if that's been the primary method of contact, or a substitute form of notice if the information holder faces more than $250,000 in cost, or more than 500,000 people are affected, or there isn't sufficient contact information.

The substitute notice can be through email, "conspicuous posting" on the information holder's website or notification to statewide media.

Related Topics: GOVERNMENT AND POLITICS
What To Read Next
Members Only
"It’s a non-meandered stream with plats along the edge of the canal, and the bottom of the canal remains with the original owner,” Jim Taylor said, noting Chuck Mauszycki owns the canal land.
“Why would we create new major programs, when we can’t even fund the programs that we have?” a public education lobbyist said in opposition to Noem's three-year, $15 million proposal.
"If we show we are complacent with areas like this that clearly need addressing, we’re not improving as a city,” Mitchell Republic Editor Luke Hagen said during the city council meeting discussion.
Discussion will take place during the 6 p.m. meeting on Monday at City Hall