Nevada has amended its breach notification law, effective July 1, 2015, to include a medical or health insurance identification number and a user name, unique identifier, or e-mail address in combination with a password or code that allows access to an online account within the definition of personal information that requires notification if it is breached.
Similarly, North Dakota has amended its breach notification law to require any personal or entity—not just businesses in North Dakota—to notify North Dakota residents of a security breach involving their personal information. The amendment also requires notification of the breach to the North Dakota Attorney General’s office if the breach affects more than 250 individuals. Finally, the amendment only requires notification if there is a breach of employee identification numbers if they are in combination with a security code, access code or password that could be used to access the identification number. The North Dakota law becomes effective on August 1, 2015.