Section 54-59.1-03 - Ongoing disclosure to the department during a cybersecurity incidentUntil a cybersecurity incident is resolved, an entity shall disclose clarifying details regarding a cybersecurity incident to the department, including:
1. The number of potentially exposed records;2. The type of records potentially exposed, including health insurance information, medical information, criminal justice information, regulated information, financial information, and personal information;3. Efforts the entity is undertaking to mitigate and remediate the damage of the incident to the entity and other affected entities; and4. The expected impact of the incident, including:a. The disruption of the entity services;b. The effect on customers and employees that experienced data or service losses;c. The effect on entities receiving wide area network services from the department; andd. Other concerns that could potentially disrupt or degrade the confidentiality, integrity, or availability of information systems, data, or services that may affect the state.Added by S.L. 2021, ch. (TBD) (HB 1314),§ 1, eff. 8/1/2021.