HB 1314 Summary

• Creates new chapter in North Dakota Century Code requiring state agencies and political subdivisions to report identified or suspected cybersecurity incidents to the information technology department in the most expedient time possible without unreasonable delay.

• Defines reportable incidents including suspected breaches, malware causing significant damage ($10,000+), denial of service attacks, ransom demands, identity theft/fraud, and incidents requiring over $10,000 in remediation costs.

• Requires entities to provide ongoing disclosure to the department during incidents including number of exposed records, types of data exposed, mitigation efforts, and expected impact on services and individuals.

• Establishes department responsibilities to provide consultation and resources for incident response, establish secure disclosure methods, and report all cybersecurity incidents to legislative management while protecting victim privacy and cybersecurity strategies.

• Allows legislative and judicial branches to voluntarily disclose cybersecurity incidents to the information technology department.