N.D. Cent. Code § 54-59.1-03

Current through 2024 Legislative Session
Section 54-59.1-03 - Ongoing disclosure to the department during a cybersecurity incident

Until a cybersecurity incident is resolved, an entity shall disclose clarifying details regarding a cybersecurity incident to the department, including:

1. The number of potentially exposed records;
2. The type of records potentially exposed, including health insurance information, medical information, criminal justice information, regulated information, financial information, and personal information;
3. Efforts the entity is undertaking to mitigate and remediate the damage of the incident to the entity and other affected entities; and
4. The expected impact of the incident, including:
a. The disruption of the entity services;
b. The effect on customers and employees that experienced data or service losses;
c. The effect on entities receiving wide area network services from the department; and
d. Other concerns that could potentially disrupt or degrade the confidentiality, integrity, or availability of information systems, data, or services that may affect the state.

N.D.C.C. § 54-59.1-03

Added by S.L. 2021, ch. (TBD) (HB 1314),§ 1, eff. 8/1/2021.