Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can I use third-party cloud storage services that collect personal information in North Dakota? What are the requirements?

Using Third-Party Cloud Storage Services in North Dakota

Based on the context documents, if you are a licensee in North Dakota, you may use third-party cloud storage services that collect personal information, but you must implement a comprehensive written information security program that includes administrative, technical, and physical safeguards for the protection of customer information that is appropriate to the size and complexity of your organization and the nature and scope of its activities [5.1]. Additionally, you must obtain the express consent of the person to whom such information pertains before knowingly disclosing highly restricted personal information about any person [1.1].

However, if you are disclosing nonpublic personal financial information, you may disclose it without authorization in certain circumstances, such as to comply with federal, state, or local laws, rules, and other applicable legal requirements, or to comply with a properly authorized civil, criminal, or regulatory investigation, or subpoena or summons by federal, state, or local authorities [3.1][3.5].

If you are disclosing nonpublic personal health information, you must obtain authorization from the consumer or customer whose nonpublic personal health information is sought to be disclosed, unless the disclosure is for certain insurance functions, such as claims administration or quality assurance [3.3].

Therefore, if you are a licensee in North Dakota, you may use third-party cloud storage services that collect personal information, but you must implement a comprehensive written information security program and obtain express consent or authorization before disclosing certain types of personal information.

Source(s):
Jurisdiction

North Dakota