Summary
On April 11, 2025, North Dakota Governor Kelly Armstrong enacted HB 1127, a new law introducing stringent data security requirements for financial institutions and certain nonbanking financial service providers. The law, effective from August 1, 2025, ensures a robust framework for safeguarding consumer information by mandating the establishment of information security programmes.
Key Points
- The Act targets “Covered Organizations,” including mortgage lenders, debt collection agencies, and payday lenders, while exempting banks and credit unions.
- It requires a designated individual responsible for the organisation’s cybersecurity and oversight protocols.
- Organisations must conduct periodic risk assessments, implement access controls, and develop incident response plans.
- Reporting obligations are set for any security breach affecting 500 or more individuals.
- Penalties for non-compliance can reach $100,000 per violation, alongside potential actions like license suspension.
Why should I read this?
If you’re in the financial sector, this new law could directly affect your operations. Knowing the ins and outs of these requirements will save you a world of hassle when it comes to compliance. We’ve done the legwork for you—boil this down to actionable insights!