Ask Reggi Your Question Now
Can you summarize IDST 28-51-105?
IDENTITY THEFT > DISCLOSURE OF BREACH OF SECURITY OF COMPUTERIZED PERSONAL INFORMATION BY AN AGENCY, INDIVIDUAL OR A COMMERCIAL ENTITY.
Short Summary
This legal document governs the disclosure of breach of security of computerized personal information by agencies, individuals, or commercial entities in Idaho. It applies to city, county or state agencies, individuals, and commercial entities that conduct business in Idaho and own or license computerized data containing personal information about a resident of Idaho. When a breach of security is discovered, the entity must conduct a reasonable and prompt investigation to determine the likelihood of misuse of personal information. If misuse is determined or reasonably likely, the affected Idaho resident must be notified as soon as possible, without unreasonable delay. The entity must also notify the office of the Idaho attorney general within 24 hours of discovering the breach. Cooperation with the owner or licensee of the information is required if the entity maintains computerized data it does not own or license. Notice may be delayed if advised by a law enforcement agency to avoid impeding a criminal investigation. The document does not relieve state agencies from reporting security breaches to the office of the chief information officer. Intentional disclosure of personal information not subject to disclosure is a misdemeanor offense with penalties of a fine up to $2,000, imprisonment in the county jail for up to 1 year, or both.
Whom does it apply to?
City, county or state agencies, individuals, and commercial entities that conduct business in Idaho and own or license computerized data that includes personal information about a resident of Idaho
What does it govern?
Disclosure of breach of security of computerized personal information by an agency, individual, or a commercial entity
What are exemptions?
No exemptions are mentioned.
What are the Penalties?
Governmental employees who intentionally disclose personal information not subject to disclosure otherwise allowed by law may be guilty of a misdemeanor and punished by a fine of up to $2,000, imprisonment in the county jail for up to 1 year, or both.
Jurisdiction
Idaho