MINNESOTA
FINES & PENALTIES
Violations
Up to $25,000
BREACH NOTIFICATION
Mandated Timeframe
Within 48 hours (500+ notifications)
BREACH REPORTING
There are specific considerations when determining if a breach is reportable.
CONSUMER NOTIFICATION
Consumers must be notified without unreasonable delay. If notification by an organization for more than 500 persons at one time is required, consumer reporting agencies must be notified within 48 hours with specific information. If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
FINES & PENALTIES
Organizations may be fined or penalized for Vendor violations. The Attorney General can investigate violations and take steps to enforce compliance and to recover a civil penalty of up to $25,000 from violators.
INDUSTRY SPECIFIC LAWS
Internet service providers must take reasonable steps to maintain the security and privacy of a consumer’s personally identifiable information.
PRIVACY PROGRAM
No person or entity conducting business in Minnesota accepting an access device in connection with a transaction shall retain the card security code data, the PIN verification code number, or the full contents of any track of magnetic stripe data, subsequent to the authorization of the transaction or in the case of a PIN debit transaction, subsequent to 48 hours after authorization of the transaction.
VENDOR/3RD PARTIES
Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications.