ID H0566

Expands breach notification requirements to apply to city, county, and state agencies, in addition to individuals and commercial entities that own or license computerized data containing Idaho residents' personal information.

Requires agencies, individuals, and commercial entities to conduct a reasonable investigation upon discovering a security breach and notify affected Idaho residents as soon as possible if misuse of personal information has occurred or is reasonably likely to occur.

Mandates that agencies notify the office of the Idaho Attorney General within twenty-four (24) hours of discovering a security breach, while maintaining existing reporting requirements to the chief information officer within the department of administration.

Makes it a misdemeanor for any governmental employee who intentionally discloses personal information not otherwise allowed by law, punishable by a fine of up to $2,000, imprisonment in county jail for up to one (1) year, or both.

Allows notification delays if a law enforcement agency advises that notice will impede a criminal investigation, with notice required in good faith without unreasonable delay once law enforcement advises notification will no longer impede the investigation.