NORTH DAKOTA DATA BREACH NOTIFICATION PACKAGE
(Compliant with N.D. Cent. Code ch. 51-30)
[// GUIDANCE: Provide this packet to (i) the North Dakota Attorney General – Consumer Protection & Antitrust Division and (ii) every affected North Dakota resident. Delete any sections that do not apply to your facts and complete all bracketed placeholders before sending.]
TABLE OF CONTENTS
- Attorney General Notification Cover Letter
- Incident Report Form (Attachment A to AG Letter)
- Consumer Notification Letter Template
- “Steps You Can Take to Protect Your Information” (Consumer Attachment A)
- Credit Bureau & FTC Contact Sheet (Consumer Attachment B)
1. ATTORNEY GENERAL NOTIFICATION COVER LETTER
(On Company Letterhead)
[DATE]
VIA EMAIL ([email protected]) AND U.S. MAIL
North Dakota Attorney General
Consumer Protection & Antitrust Division
Gateway Professional Center
1050 E. Interstate Ave., Suite 200
Bismarck, ND 58503
Re: Notice of Security Breach Pursuant to N.D. Cent. Code ch. 51-30
Dear Attorney General:
Pursuant to N.D. Cent. Code §§ 51-30-01 et seq., [COMPANY LEGAL NAME], a [STATE OF INCORPORATION] [ENTITY TYPE] (“Company”), hereby provides notice of a breach of the security of its data system affecting the personal information of North Dakota residents.
Enclosed as Attachment A is the Incident Report Form containing the information required by North Dakota law, including:
• the nature and scope of the incident;
• the categories of personal information involved;
• the number of North Dakota residents impacted (currently estimated at [NUMBER]);
• the timing and method of consumer notification; and
• remedial measures undertaken.
A sample copy of the consumer notification letter is enclosed as Attachment B.
Please contact the undersigned at [PHONE] or [EMAIL] with any questions.
Respectfully submitted,
[NAME]
[Title]
[COMPANY LEGAL NAME]
[ADDRESS] | [PHONE] | [EMAIL]
2. INCIDENT REPORT FORM
(Attachment A to AG Letter)
[// GUIDANCE: Complete all fields; add rows as needed.]
| Item | Required Information |
|---|---|
| A. Incident Date(s) | [MM/DD/YYYY – MM/DD/YYYY] |
| B. Discovery Date | [MM/DD/YYYY] |
| C. Breach Type | ☐ External system intrusion ☐ Phishing ☐ Lost/stolen device ☐ Insider misuse ☐ Other: [DESCRIBE] |
| D. Categories of Personal Information | ☐ Social Security numbers ☐ Driver’s license numbers ☐ Account/CC numbers+security codes ☐ Medical/health info ☐ Online credentials ☐ Other: [DESCRIBE] |
| E. Total Individuals Affected | Worldwide: [NUMBER] North Dakota residents: [NUMBER] |
| F. Method of Consumer Notice | ☐ Written letter ☐ Email (if consented) ☐ Substitute notice (per § 51-30-02(6)) |
| G. Date(s) of Consumer Notice | Anticipated: [MM/DD/YYYY] Completed: [MM/DD/YYYY] |
| H. Law-Enforcement Involvement | ☐ Yes ☐ No If yes, agency & contact: [DETAILS] |
| I. Remediation & Mitigation | [DESCRIBE credit monitoring, system security upgrades, employee retraining, etc.] |
| J. Point of Contact | Name/Title: [NAME/TITLE] Phone: [PHONE] Email: [EMAIL] |
3. CONSUMER NOTIFICATION LETTER TEMPLATE
(On Company Letterhead)
[DATE]
[CONSUMER NAME]
[CONSUMER ADDRESS]
[CITY, STATE ZIP]
NOTICE OF DATA BREACH
Dear [Mr./Ms.] [LAST NAME]:
We are writing to inform you of an incident that may have involved your personal information. This letter provides details about the incident, the steps we have taken, and measures you can take to protect yourself.
WHAT HAPPENED?
On [INCIDENT DISCOVERY DATE], we determined that on [INCIDENT DATE OR DATE RANGE], an unauthorized party [BRIEFLY DESCRIBE ACTION—e.g., “gained access to a Company email account”]. Upon discovery, we immediately initiated our incident response plan, secured the affected systems, and engaged independent cybersecurity experts to assist.
WHAT INFORMATION WAS INVOLVED?
The investigation determined that the following elements of your personal information may have been accessed:
[• Social Security number
• Driver’s license / state ID number
• Financial account number in combination with security code
• Medical information
• Username and password]
Please note that the information impacted varies by individual; not all data elements listed above applied to every person.
WHAT WE ARE DOING.
• Reported the incident to, and are cooperating with, law-enforcement authorities.
• Notified the North Dakota Attorney General as required by N.D. Cent. Code ch. 51-30.
• Implemented enhanced technical safeguards, including [ENCRYPTION / MFA / LOG MONITORING].
• Offering you [12/24] months of complimentary [IDENTITY THEFT PROTECTION PRODUCT] that includes credit monitoring, fraud consultation, and identity theft insurance. Instructions to activate this service are enclosed in Attachment A.
WHAT YOU CAN DO.
Please review Attachment A (“Steps You Can Take to Protect Your Information”) for guidance on placing fraud alerts, obtaining free credit reports, and security-freezing your credit file. We also provide contact information for the three nationwide credit bureaus and the Federal Trade Commission in Attachment B.
FOR MORE INFORMATION.
If you have questions or need assistance, please contact our dedicated call center at [TOLL-FREE NUMBER] Monday through Friday, [HOURS], or visit [SECURE INCIDENT WEBSITE]. When calling, please reference engagement code [CODE].
We regret any concern or inconvenience this incident may cause and remain committed to safeguarding your personal information.
Sincerely,
[NAME]
[Title]
[COMPANY LEGAL NAME]
[ADDRESS] | [PHONE] | [EMAIL]
4. ATTACHMENT A – STEPS YOU CAN TAKE TO PROTECT YOUR INFORMATION
[// GUIDANCE: This attachment satisfies N.D. consumer-notice content expectations and national best practices.]
-
Review Your Account Statements and Credit Reports
• Monitor bank, credit-card, and insurance statements for suspicious activity.
• Obtain a free credit report from each bureau at www.AnnualCreditReport.com or 1-877-322-8228. -
Place a Fraud Alert
• Contact any one of the three credit bureaus to request a one-year fraud alert.
- Equifax: 1-888-766-0008 | www.equifax.com
- Experian: 1-888-397-3742 | www.experian.com
- TransUnion: 1-800-680-7289 | www.transunion.com -
Security Freeze (Also Called a “Credit Freeze”)
• You have the right to place a free security freeze on your credit file, preventing new credit from being opened in your name without your authorization. Contact each bureau using the numbers above or via their websites. -
Report Identity Theft
• If you believe you are a victim of identity theft, file a police report and contact the FTC at www.IdentityTheft.gov or 1-877-438-4338. -
Additional Resources for North Dakota Residents
• North Dakota Office of Attorney General, Consumer Protection Division: 1-800-472-2600 or 701-328-3404.
5. ATTACHMENT B – CREDIT BUREAU & FTC CONTACT INFORMATION
| Agency | Phone | Online | Mailing Address |
|---|---|---|---|
| Equifax | 1-888-766-0008 | www.equifax.com | P.O. Box 105788, Atlanta, GA 30348-5788 |
| Experian | 1-888-397-3742 | www.experian.com | P.O. Box 9554, Allen, TX 75013 |
| TransUnion | 1-800-680-7289 | www.transunion.com | P.O. Box 2000, Chester, PA 19016 |
| Federal Trade Commission | 1-877-438-4338 | www.IdentityTheft.gov | 600 Pennsylvania Ave NW, Washington, DC 20580 |
[// GUIDANCE:
1. Timing – ND law requires notice “in the most expedient time possible and without unreasonable delay” after discovery, subject to law-enforcement or security-remediation needs.
2. Substitute Notice – If notification costs exceed $250,000, affected persons exceed 500,000, or the entity lacks sufficient contact information, follow the substitute-notice methods in N.D. Cent. Code § 51-30-02(6).
3. Record Retention – Maintain documentation of the breach and notification for at least five (5) years for regulatory inspection.
4. AG Threshold – Notify the AG if ≥ 250 ND residents are impacted, even if the breach occurs outside ND.]