In order to protect individual privacy and prevent identity theft, state law requires that any person or business that conducts business in Wyoming and that owns or licenses computerized data that include personal identifying information about a resident of the state disclose any breach of security of its data system following discovery or notification of the breach.
Specifically, the law requires covered entities to conduct a good-faith, reasonable, and prompt investigation to determine the likelihood that personal identifying information has been or will be misused. If this investigation reveals that the misuse of personal identifying information about a Wyoming resident has occurred or is reasonably likely to occur, the covered entity (or individual) must give notice as soon as possible to the affected resident (WY Stat. Ann Sec. 40-12-501et seq.).
Personal information. "Personal information" is defined as an individual's first name or initial and last name in combination with any one or more of various data elements when either the name or the data elements are not encrypted or redacted. Such data elements may include an individual's Social Security number (SSN); driver's license number; state identification (ID) card number or Wyoming ID card number; account, credit, or debit card number along with any required code or password that would permit access to an individual's financial accounts; tribal ID card; or federal- or state government-issued ID card.
Effective July 1, 2015, these data elements will also include:
• Shared secrets or security tokens that are used for data-based ...