Seen on The National Law Review:
On April 11, North Dakota enacted HB 1127, overhauling its regulatory framework for financial institutions and nonbank financial service providers. The law amends multiple chapters of the North Dakota Century Code and creates a new data security mandate for financial corporations—a category that includes non-depository entities regulated by the Department of Financial Institutions (DFI). It also expands the licensing requirement for brokers to include “alternative financing products,” potentially impacting a broad array of fintech providers.
The law introduces sweeping data protection obligations for nonbank financial corporations through new requirements created in Chapter 13-01.2.
Among the new requirements, entities must:
- Secure consumer data. Encryption of data in transit and at rest is required unless a compensating control is approved. Multifactor authentication is also mandatory.
- Notify regulators of breaches. A data breach involving 500 or more consumers must be reported to the Commissioner within 45 days.
Read more about new requirements and provision of the law from SheppardMullin at The National Law Review.
