Can you summarize SDCL 22-40-20?

Short Summary

This legal document, sourced from the South Dakota Codified Laws, pertains to the breach of system security. It requires information holders to disclose any breach of system security to residents of South Dakota whose personal or protected information was acquired by an unauthorized person. The disclosure must be made within sixty days of discovery or notification of the breach, unless a longer period is required for law enforcement purposes. However, if the information holder determines that the breach will not likely result in harm to the affected person, they are not obligated to make a disclosure. The information holder must document this determination in writing and maintain it for at least three years. Additionally, if the breach affects more than two hundred fifty residents of South Dakota, the information holder must disclose it to the attorney general. The document does not specify any specific penalties for non-compliance or violation of its provisions.

Whom does it apply to?

Information holders

What does it govern?

Breach of system security

What are exemptions?

The information holder is not required to make a disclosure if they reasonably determine that the breach will not likely result in harm to the affected person.

What are the Penalties?

No specific penalties mentioned.

Jurisdiction

South Dakota

Source

SDCL 22-40-20 [https://reggi.cloud.regology.com/regulations/US-SDCL/US-SDCL_T_22_C_40_S_20]

• Banking