In order to protect individual privacy and prevent identity theft, state law requires that any person or business that conducts business in Wyoming and that owns or licenses computerized data that include personal identifying information about a resident of the state disclose any breach of security of its data system following discovery or notification of the breach.
Specifically, the law requires covered entities to conduct a good-faith, reasonable, and prompt investigation to determine the likelihood that personal identifying information has been or will be misused. If this investigation reveals that the misuse of personal identifying information about a Wyoming resident has occurred or is reasonably likely to occur, the covered entity (or individual) must give notice as soon as possible to the affected resident (WY Stat. Ann Sec. 40-12-501et seq.).
Personal information. "Personal identifying information" is defined as an individual's first name or initial and last name in combination with any one or more of the following data elements, when the data elements are not redacted:
• Social Security number (SSN);
• Driver’s license number;
• Account, credit, or debit card number along with any required code or password that would permit access to an individual's financial accounts;
• Federal, state, or tribal identification (ID) card;
• Shared secrets or security tokens that are used for data-based authentication;
• Any username or e-mail address in combination with a password or security question and answer that would permit access to an online account;
• A birth or marriage ...