Montana Data Breach Notification Law featured image

Montana Data Breach Notification Law

by John DiGiacomo

Partner

Montana Data Breach Notification Law has been updated to expand the definition of “personal information” and also require notice to the state attorney general’s consumer protection office. A data breach is generally a security incident in which sensitive, protected, or confidential data is copied, transmitted, stolen, viewed, or used by an individual unauthorized to do so. Data breaches can occur due to human error, deliberate hacking, or criminal cyber attacks. According to the Montana Department of Justice, over 100,000 Montana citizens have been victims of data breaches in the past year. Pursuant to Montana Code Annotated § 30-14-1704, businesses and state agencies are required to notify affected Montana residents if data breaches affect their personal information.

Montana Data Breach Notification Law

Under this statute, a “breach of the security of the data system” is the unauthorized acquisition of computerized data that materially compromises the security, confidentiality, or integrity of personal information maintained the business, and causes, or reasonably believed to cause, loss or damage to a Montana resident. For the purposes of this statute, personal information includes an individual’s first and last names, combined with one or more of the following:

  1. a social security number;
  2. driver’s license number, state identification card number, or tribal number;
  3. an account number, or credit or debit card number, in combination with any required security code, access code, or password;
  4. medical record information as defined in 33-19-104;
  5. taxpayer identification number; or
  6. an identity protection personal identification number issued by the U.S. Internal Revenue Service (IRS).  

When a Montana resident’s information becomes compromised, § 33-19-104 requires notice to the affected consumer via written notice, electronic notice (if consistent with 15 U.S.C. 7001), telephone notice, or substitute notice. The business is required to notify a Montana resident if an unauthorized person acquired the resident’s personal information. Notice is also required if there is a reasonable belief of unauthorized acquisition. The notice should include the date(s) of the breach or probable breach and identify those elements of personal information that were likely acquired. The notice must also be sent to the Attorney General’s Office of Consumer Protection. If more than one Montana resident is affected, the business must indicate how many Montana residents were notified.

For information about cyber security, contact Revision Legal’s team of experienced data breach attorneys through the form on this page or call 855-473-8474.
Image courtesy of Flickr user Blue Coat Photos

Extra, Extra!
Recent Posts

Esports Intellectual Property Lawyers: Gaming Law

Esports Intellectual Property Lawyers: Gaming Law

Internet Law

Like any business, esports businesses must protect their various forms of intellectual property (“IP”). IP can be valuable. Indeed, with some esports businesses, the largest component of their business valuation is their IP, including trademarks, copyrights, patent rights, domain name registrations, and trade secrets. IP can also include various assignments, licenses, and other permission-granting contractual […]

Read more about Esports Intellectual Property Lawyers: Gaming Law

E-Commerce Acquisition Lawyers

E-Commerce Acquisition Lawyers

Internet Law

Revision Legal is a law firm focusing on e-commerce and internet law with deep experience in providing legal services with respect to mergers and acquisitions of e-commerce businesses. E-commerce is, of course, businesses that make money online. But that “online” aspect presents unique legal and practical challenges for e-commerce acquisitions. Any business acquisition requires a […]

Read more about E-Commerce Acquisition Lawyers

Quality Control Requirements for Trademark Licensing

Quality Control Requirements for Trademark Licensing

Trademark

Trademark licensing can create valuable revenue streams for your business. Licensing has the advantage that your business retains possession of the trademark and can create more than one licensing regime over the life of your business. Licensing is also a method of expanding the reach (and value) of your trademark without the need to invest […]

Read more about Quality Control Requirements for Trademark Licensing

Put Revision Legal on your side