Ask Reggi Your Question Now
Can you summarize IDST Title 28, Chapter 51?
COMMERCIAL TRANSACTIONS > IDENTITY THEFT
Short Summary
This legal document governs the disclosure of breach of security of computerized personal information by agencies, individuals, or commercial entities in Idaho. It applies to city, county or state agencies, individuals, and commercial entities that conduct business in Idaho and own or license computerized data containing personal information about a resident of Idaho. When a breach of security is discovered, the entity must conduct a reasonable and prompt investigation to determine the likelihood of misuse of personal information. If misuse is determined or reasonably likely, the affected Idaho resident must be notified as soon as possible, without unreasonable delay. The entity must also notify the office of the Idaho attorney general within 24 hours of discovering the breach. Cooperation with the owner or licensee of the information is required if the entity maintains computerized data it does not own or license. Notice may be delayed if advised by a law enforcement agency to avoid impeding a criminal investigation. The document does not relieve state agencies from reporting security breaches to the office of the chief information officer. Intentional disclosure of personal information not subject to disclosure is a misdemeanor offense with penalties of a fine up to $2,000, imprisonment in the county jail for up to 1 year, or both.
Whom does it apply to?
Agencies, individuals, and commercial entities in Idaho
What does it govern?
Disclosure of breach of security of computerized personal information
What are exemptions?
No specific exemptions are mentioned in this document.
What are the Penalties?
Fine of up to $25,000 per breach of the security of the system
Jurisdiction
Idaho