State Privacy Law Tracker: South Dakota

Currently, there are no South Dakota privacy laws or South Dakota consumer privacy acts introduced or in effect in South Dakota. However, South Dakota does have a privacy-related data breach notification law. 

South Dakota Data Breach Notification Law

South Dakota was the second-last state to implement legislation on notification of security breaches, leaving Alabama at the time as the only state without a data breach notification law.

Under the South Dakota Data Breach Notification Law, a “breach of system security” must be disclosed to any South Dakota resident whose personal or protected information was obtained by an unauthorized person, or is reasonably believed to have been acquired by such an individual, according to South Dakota privacy act.

South Dakota recognizes the right to privacy in its state constitution.

The four torts of privacy invasion are as follows:

1. Intrusion upon seclusion: This tort occurs when someone intentionally intrudes upon the private affairs or seclusion of another person in a manner that would be highly offensive to a reasonable person. It involves invading someone’s physical or personal space without their consent, such as through unauthorized surveillance or trespassing.
2. Appropriation of likeness or identity: This tort, also known as the right of publicity, involves the unauthorized use of someone’s name, image, or likeness for commercial purposes. It generally applies to situations where a person’s image or identity is used without their consent in advertising, endorsements, or other promotional activities.
3. Public disclosure of private facts: This tort occurs when private, non-public information about an individual is disclosed to the public without their consent, and the disclosure would be highly offensive to a reasonable person. It typically involves the public dissemination of personal details, such as private medical information, financial records, or intimate details of a person’s personal life.
4. False light: False light is a tort that involves the publication or dissemination of false or misleading information about an individual that places them in a false or distorted light and is highly offensive to a reasonable person. It differs from defamation in that it does not necessarily involve making false statements about someone but rather presenting true information in a way that creates a false impression or conveys a false meaning.

What is a Comprehensive Privacy Law?

A comprehensive privacy law, also known as a comprehensive data protection law or a general data protection regulation, is a legal framework that sets out rules and regulations for the collection, use, storage, and protection of personal data. It is designed to safeguard individuals’ privacy rights and establish guidelines for organizations that handle personal information.

A comprehensive privacy law typically encompasses several key elements:

1. Scope and applicability: It defines the types of personal data covered by the law and specifies the entities and individuals subject to its provisions. This may include businesses, government agencies, and other organizations that process personal data.
2. Consent and individual rights: It outlines the requirements for obtaining valid consent from individuals before collecting and processing their personal data. It also grants individuals certain rights, such as the right to access their data, correct inaccuracies, and request its deletion.
3. Data handling practices: It establishes rules and principles for how organizations should handle personal data. This may include requirements for data minimization (collecting only the necessary data), purpose limitation (using data only for specified purposes), and data accuracy.
4. Security and data breaches: It mandates organizations to implement appropriate security measures to protect personal data from unauthorized access, loss, or misuse. It may also require organizations to report data breaches promptly and take necessary actions to mitigate harm.
5. Enforcement and penalties: It establishes regulatory authorities responsible for enforcing the privacy law, conducting investigations, and imposing penalties or fines for non-compliance. The penalties may vary based on the severity of the violation.

The European Union’s General Data Protection Regulation (GDPR) is an example of a comprehensive privacy law that sets high standards for data protection and privacy across its member states. Many US states have also implemented comprehensive laws, and the trendsetter is California’s  CPRA.

Stay with Centraleyes as we keep you updated on new developments in the area of state privacy laws.