In December 2024, the SHIELD Act was also amended to require a 30 day notification timeline after the discovery of a breach. A failure to provide timely notification may lead to civil penalties up to $250,000. Other State Privacy and Breach Notification Laws Following extensive fears of identity theft and highly publicized data security breaches, most states, including Minnesota, passed laws requiring consumer notification when a security breach involving private information occurs. While there continues to be discussion about the need for a comprehensive federal law that would preempt the patchwork of state laws and create a uniform standard, as of the publication of this Guide, there is no such federal breach notification statute. A Minnesota business is therefore still required to comply with multiple state laws in the event of a data breach that involves the personal information of residents of other states. State Breach Notification Laws Minnesota and all other states have enacted laws that require notification to individuals in the event of a security breach of sensitive or personal information. These laws usually cover any businesses that conduct business in the state and own, license, or maintain information covered by the statute (usually defined as the person’s name, combined with their social security number, driver’s license number, or credit and banking account information), regardless of the size of the business. Artificial Intelligence As states are expanding data privacy protections, a new patchwork of laws are beginning to take shape in California, Texas, Colorado, Utah and other states for regulating the use of artificial intelligence technologies and systems. Much like the comprehensive state laws, recent AI statutes in, Texas, Utah, Colorado, and California distinguish between regulated roles (in the case of AI, it’s developers and deployers), impose heightened obligations for high-risk processing, and require transparency,
136
Made with FlippingBook - Online Brochure Maker