Montana Data Breach Notification Law featured image

Montana Data Breach Notification Law

by John DiGiacomo

Partner

Montana Data Breach Notification Law has been updated to expand the definition of “personal information” and also require notice to the state attorney general’s consumer protection office. A data breach is generally a security incident in which sensitive, protected, or confidential data is copied, transmitted, stolen, viewed, or used by an individual unauthorized to do so. Data breaches can occur due to human error, deliberate hacking, or criminal cyber attacks. According to the Montana Department of Justice, over 100,000 Montana citizens have been victims of data breaches in the past year. Pursuant to Montana Code Annotated § 30-14-1704, businesses and state agencies are required to notify affected Montana residents if data breaches affect their personal information.

Montana Data Breach Notification Law

Under this statute, a “breach of the security of the data system” is the unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information maintained the business, and causes, or reasonably believed to cause, loss or damage to a Montana resident. For the purposes of this statute, personal information includes an individual’s first and last names, combined with one or more of the following:

  1. a social security number;
  2. driver’s license number, state identification card number, or tribal number;
  3. an account number, or credit or debit card number, in combination with any required security code, access code, or password;
  4. medical record information as defined in 33-19-104;
  5. taxpayer identification number; or
  6. an identity protection personal identification number issued by the U.S. Internal Revenue Service (IRS).  

When a Montana resident’s information becomes compromised, § 33-19-104 requires notice to the affected consumer via written notice, electronic notice (if consistent with 15 U.S.C. 7001), telephone notice, or substitute notice. The business is required to notify a Montana resident if an unauthorized person acquired the resident’s personal information. Notice is also required if there is a reasonable belief of unauthorized acquisition. The notice should include the date(s) of the breach or probable breach and identify those elements of personal information that were likely acquired. The notice must also be sent to the Attorney General’s Office of Consumer Protection. If more than one Montana resident is affected, the business must indicate how many Montana residents were notified.

For information about cyber security, contact Revision Legal’s team of experienced data breach attorneys through the form on this page or call 855-473-8474.
Image courtesy of Flickr user Blue Coat Photos

Extra, Extra!
Recent Posts

Trademarks: What is the Difference Between the Circle R and TM Symbols?

Trademarks: What is the Difference Between the Circle R and TM Symbols?

Trademark

The Circle R and the TM symbols both relate to trademarks and both can be physically placed on products, packaging, advertising materials, websites, etc. The Circle R symbol is an “R” enclosed in a circle (®). While both are trademark-related symbols, there are different eligibility requirements for use, meanings, and implications. Here is a quick […]

Read more about Trademarks: What is the Difference Between the Circle R and TM Symbols?

Is Your E-Commerce Advertising in Compliance With Existing Laws?

Is Your E-Commerce Advertising in Compliance With Existing Laws?

Internet Law

E-commerce businesses must comply with federal and State-level advertising laws and regulations. This is true of any business. But e-commerce businesses face special challenges because there is a whole array of potential methods of innocently, accidentally, or intentionally violating advertising laws. These include the potential to engage in false and deceptive advertising practices, such as […]

Read more about Is Your E-Commerce Advertising in Compliance With Existing Laws?

Put Revision Legal on your side