Montana Data Breach Notification Law featured image

Montana Data Breach Notification Law

by John DiGiacomo

Partner

Montana Data Breach Notification Law has been updated to expand the definition of “personal information” and also require notice to the state attorney general’s consumer protection office. A data breach is generally a security incident in which sensitive, protected, or confidential data is copied, transmitted, stolen, viewed, or used by an individual unauthorized to do so. Data breaches can occur due to human error, deliberate hacking, or criminal cyber attacks. According to the Montana Department of Justice, over 100,000 Montana citizens have been victims of data breaches in the past year. Pursuant to Montana Code Annotated § 30-14-1704, businesses and state agencies are required to notify affected Montana residents if data breaches affect their personal information.

Montana Data Breach Notification Law

Under this statute, a “breach of the security of the data system” is the unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information maintained the business, and causes, or reasonably believed to cause, loss or damage to a Montana resident. For the purposes of this statute, personal information includes an individual’s first and last names, combined with one or more of the following:

  1. a social security number;
  2. driver’s license number, state identification card number, or tribal number;
  3. an account number, or credit or debit card number, in combination with any required security code, access code, or password;
  4. medical record information as defined in 33-19-104;
  5. taxpayer identification number; or
  6. an identity protection personal identification number issued by the U.S. Internal Revenue Service (IRS).  

When a Montana resident’s information becomes compromised, § 33-19-104 requires notice to the affected consumer via written notice, electronic notice (if consistent with 15 U.S.C. 7001), telephone notice, or substitute notice. The business is required to notify a Montana resident if an unauthorized person acquired the resident’s personal information. Notice is also required if there is a reasonable belief of unauthorized acquisition. The notice should include the date(s) of the breach or probable breach and identify those elements of personal information that were likely acquired. The notice must also be sent to the Attorney General’s Office of Consumer Protection. If more than one Montana resident is affected, the business must indicate how many Montana residents were notified.

For information about cyber security, contact Revision Legal’s team of experienced data breach attorneys through the form on this page or call 855-473-8474.
Image courtesy of Flickr user Blue Coat Photos

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side