Ask Reggi Your Question Now
Can you summarize WYST 40-12-502?
CREDIT FREEZE REPORTS > Computer security breach; notice to affected persons
Short Summary
This legal document governs the obligations of individuals or commercial entities conducting business in Wyoming that own or license computerized data containing personal identifying information about a resident of Wyoming. When a breach of the security system occurs, the entity must conduct a reasonable and prompt investigation to determine the likelihood of misuse of personal identifying information. If misuse has occurred or is reasonably likely to occur, the entity must provide notice to the affected Wyoming resident as soon as possible. The notice should be made without unreasonable delay, considering law enforcement needs and measures necessary to determine the breach’s scope and restore the system’s integrity. The document allows for delayed notification if a law enforcement agency determines that it may impede a criminal investigation. The document specifies various methods of providing notice to consumers, including written notice, electronic mail notice, and substitute notice under certain conditions. The notice must include specific information such as a toll-free number for contacting the entity, types of personal identifying information involved, a general description of the breach incident, and actions taken to protect the system. The document also grants the attorney general the authority to bring actions for violations and provides provisions for disclosure of breaches by entities maintaining data on behalf of another business entity. Exemptions are provided for financial institutions complying with specific federal requirements and covered entities or business associates complying with HIPAA and its regulations.
Whom does it apply to?
Individuals or commercial entities that conduct business in Wyoming and own or license computerized data containing personal identifying information about a resident of Wyoming
What does it govern?
Computer security breach; notice to affected persons
What are exemptions?
Financial institutions subject to the requirements of 15 U.S.C. 6801(b)(3) and 12 C.F.R. Part 364 Appendix B or Part 748 Appendix B are deemed to be in compliance with this section if they notify affected Wyoming customers in compliance with the requirements of 15 U.S.C. 6801 through 6809 and 12 C.F.R. Part 364 Appendix B or Part 748 Appendix B. Covered entities or business associates subject to and complying with the Health Insurance Portability and Accountability Act (HIPAA) and the regulations promulgated under that act, 45 C.F.R. Parts 160 and 164, are also deemed to be in compliance with this section if they notify affected Wyoming customers or entities in compliance with the requirements of HIPAA and 45 C.F.R. Parts 160 and 164.
What are the Penalties?
Not specified
Jurisdiction
Wyoming