North Dakota passed a bill requiring a financial corporation (nondepository entities regulated by the N.D. Department of Financial Institutions (Department)) to maintain a comprehensive information security program. Under the bill, a financial corporation must develop a comprehensive information security program that:
- Ensures the security and confidentiality of customer information;
- Protects against any anticipated threats or hazards to the security or integrity of such information; and
- Protects against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.
The bill also requires a financial corporation to notify the Department if a “notification event” involves the nonpublic personal information of at least 500 customers. “Notification event” means the acquisition of unencrypted customer information without the authorization of the individual to which the information pertains. The bill provides an exemption to certain requirements with respect to the information security program for financial corporations that maintain customer information concerning fewer than 5,000 consumers. The bill becomes effective August 1, 2025.
Click to view the ND HB 1127: https://www.tenaco.com/wp-content/uploads/2025/05/ND-HB-1127.pdf
