Earlier this year, North Dakota’s Governor signed HB 1127, which imposes new obligations for financial corporations operating in North Dakota. The law will take effect on August 1, 2025. From JacksonLewis, an explainer on the new law’s requirements for a comprehensive, written information security programs:
- Designated Security Leadership: The information security program must denote a qualified individual responsible for implementing, overseeing, and enforcing the program.
- Risk Assessment: foundational to the information security program is the written risk assessment, which identifies reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information.
- Safeguards: The corporation must design and implement safeguards to control and mitigate the risks identified through the risk assessment. This should include a periodic review of the corporation’s data retention policy.
Read more of the required elements at Workplace Privacy, Data Management & Security Report.
