2014
800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

Data Breach Laws in Montana: Reporting Requirements

In the state of Montana, a business that suffers a data breach must investigate the likelihood that personal information will be compromised. Affected Montana residents must be notified of the breach as soon as possible by mail, telephone, or email. If the security breach affects more than 500,000 people, or the cost of notification exceeds $250,000, businesses can use public service announcements to fulfill notification requirements.

Name of Law / Statute

Impediment of Identity Theft

Definition of Protected Information

More expansive Standard PI definition that includes signature, address, or telephone # in combo with standard items (drivers' license, cc or dc #s, passport, etc.); includes insurance policy number and SSN alone [Standard definition: Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes]

Who Is Subject to Law?

Any person or business conducting business in the state who licenses or owns PI

Notification of Consumers?

Yes

By what means?

Written, phone, or electronic

Substitute Notice Threshold?

If cost of notice >$250,000 or involves >500k residents

Notification of authorities / regulators required?

No

By what means?

N/A

Regulatory Fines

Up to $10k/violation (for willful violations)

Credit monitoring requirement?

No, but must coordinate with credit agency on behalf of consumers

Private lawsuits allowed?

No

Private damages cap?

N/A

Regulatory actions allowed?

N/A

HIPAA Compliance exemption?

N/A

Other  (e.g., timeframe)

Law does not apply if PI was encrypted

Link to complete law

http://leg.mt.gov/bills/mca_toc/30_14_17.htm

Read the full text of Montana’s data breach law.

70% of businesses raise prices or cut hiring when sued