Title 28, chapter 51, Idaho Code, governs security breaches that affect Idahoans. Idaho law defines a security breach as: “the illegal acquisition of unencrypted computerized data that materially compromises the security, confidentiality, or integrity of personal information for one or more persons maintained by an agency, individual or a commercial entity.”
Idaho Code § 28-51-105(1) requires an Idaho public agency to notify the Attorney General’s Office within 24 hours of discovering a breach of its security system. A commercial entity that experiences a breach may notify the Attorney General’s Office but is not required to do so.
Public agencies and commercial entities may report security breaches to the Attorney General’s Consumer Protection Division at consumer_protection@ag.idaho.gov or at:
Questions regarding Idaho’s security breach notification law may be directed to deputy attorney general Stephanie N. Guyon at 208-334-4135 or at stephanie.guyon@ag.idaho.gov.
The following list includes the security breach notices the Attorney General’s Office has received since January 1, 2021: