2 minute read
July 1st is No Picnic
July 1st is No Picnic: Preparing for the Effective Date of New State Statutes
By: Dave Pfeifle, Executive Director, SDPAA
Advertisement
Each July brings Fourth of July picnics, providing much excitement but also the added responsibility to figure out what to feed that many people. The term “picnic” is a bit of a misnomer as planning and preparing a meal and activities for dozens or even hundreds of guests is no picnic. Each July 1st also means that the newly enacted state statutes take effect, bringing new responsibilities for local governments in South Dakota.
While no one could make July 1st a “picnic, ” the SD Municipal League and SD Association of County Commissioners prepare their Members for these new responsibilities. Their endorsed pools—the SD Public Assurance Alliance (SDPAA) and the SDML Worker’s Compensation Fund—provide their local government Members the needed coverages to operate safely and effectively under these new responsibilities.
The SDPAA is governed by an eleven-member Board of Directors consisting of public officials and public employees drawn from their own public entity Members. The SDPAA staff consists of public employees with considerableclaimsandlocalgovernmentexperiencewho can uniquely identify any emerging issues for local governments, including the impact of any new state legislation. This article will highlight three measures that will become effective on July 1 that may impact local governments’liability exposure:
1. Breach of computerized data system
Cyber-attacks have occurred throughout the country, targeting many types of businesses and other organizations, including local governments. During the 2018 Legislative Session, the SD Legislature enacted SB 62, which provides new notice requirements for “information holders” to follow when certain cyberattacks occur. Under this new measure, a “person” or business that conducts business in this state that owns or licensescomputerizedpersonalorprotectedinformationof residents of this state is an “information holder. ” The “information holder, ” upon discovery of or notification of a breach of their system’s security must promptly notify any person or resident of this state whose personal or protected information was, or is reasonably believed to have been, acquired by an unauthorized person. This notification must occur within 60 days, unless a longer period of time is needed for legitimate needs of law enforcement.
A“person” is not specifically defined in this measure, but a “person” is defined elsewhere in state statutes to include a local government entity. See SDCL 22-1-2, SDCL 3724-6(“person”includes“anyotherlegalentity ”). OnJuly 1andthereafter,ifalocalgovernmenthasabreachoftheir computer system security, or is reasonably certain such breach has occurred, where certain statutorily-defined personalinformationisacquiredunlawfully,thenthelocal government may need to follow the specific notification requirements. These new notification requirements could be met if the local government otherwise complies with federal law and maintains procedures for a breach of system security pursuant to the federal laws and regulations established by the “primary or functional federalregulator, ”suchastheHealthInsurancePortability and Accountability Act of 1996 (HIPAA) or the Gramm Leach BlileyAct.
Members of the SDPAA are eligible for cyber liability coverage which provides indemnification and resources in dealingwithawidevarietyofcyber-attacksandassistance in complying with notification requirements. Members of theSDPAAarealsoeligibleforEnhancedCrimeCoverage that may also provide coverage for other types of Computer Fraud and Funds Transfer Fraud. Local governments may need the knowledge and expertise that accompany these coverages in complying with the notification requirements of other states in the event that out-of-state persons have been the victims of a cyberattack of a local government in South Dakota.
2. Public input at every Official Meeting of a Public Body
The SD Legislature enacted House Bill 1172, which will require, “The chair of the public body shall reserve at every official meeting by the public body a period for
