Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

South Dakota's Data Protection Law: A Comprehensive Guide

Published December 18, 2024 / Updated March 10, 2025

Contributors

Anas Baig

Product Marketing Manager at Securiti

Muhammad Ismail

Assoc. Data Privacy Analyst at Securiti

Adeel Hasan

Sr. Data Privacy Analyst at Securiti

CIPM, CIPP/Canada

Currently, South Dakota doesn't have a comprehensive data privacy law. You can visit our US State Privacy Laws Tracker to stay updated on the progress of privacy-related bills across the US.

Data protection laws have become a necessity in the current era. More and more countries are formulating or implementing such laws to enhance data safeguards and provide consumers with privacy rights.

Data privacy and protection laws exist in the United States at different levels.

Federal and sectoral laws like the Children’s Online Privacy Protection Act and the Fair Credit Reporting Act have limited material and territorial scopes. State-level comprehensive data privacy laws, with wider application and scope, include the California Consumer Protection Act and the Colorado Privacy Act.

However, not every state has an established comprehensive privacy law. In such an event, businesses operating in the state should still follow the best compliance practices to stay compliant with federal and sectoral laws and build customer trust.

The blog aims to offer readers a brief overview of the current status of data privacy laws in South Dakota.

Understanding South Dakota's Data Protection Law

South Dakota Breach Notification Law (Section 22-40-20 of South Dakota Codified Laws) mandates that organizations must notify data owners not later than sixty days from the discovery or notification of the breach of system security unless a longer period of time is required due to the legitimate needs of law enforcement, in the event their system security is breached due to any unauthorized access, compromising the security, confidentiality, and integrity of the data. Notification laws are common in most states as the regulation enables organizations to be proactive in preventing and mitigating data breach incidents and also notifying the impacted individuals so they may take necessary measures to protect their sensitive data accordingly.

The Children’s Online Privacy Protection Act (COPPA) is a federal data protection law that emphasizes protecting minors' privacy, i.e., children under the age of 13 years of age. The privacy of minors is taken seriously not only in the US but also in other countries globally. Hence, businesses must implement appropriate privacy and security controls around the data of minors to prevent any legal consequences.

Similar other laws, such as the Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA), exist to protect certain categories of personal and sensitive personal data.

Best Practices

  • Businesses must learn more about federal, sectoral, and state-specific laws and examine the territorial scope.
  • Businesses must conduct a thorough data asset and sensitive data discovery process to identify all data in the environment. Further data classification and cataloging enable businesses to categorize the data with labels and tags.
  • Businesses should also create and automate privacy policies that inform users about data collection and processing practices and purposes.
  • Appropriate security measures should be employed, such as data security policies, access policies and controls, etc.
  • Businesses must minimize their data collection to only what is reasonably necessary and specific to the purpose. This allows businesses to reduce risks associated with collecting large volumes.

Conclusion

Though South Dakota has yet to establish a state-wide data privacy law, it recognizes the importance of residents’ data protection. Hence, businesses must proactively streamline their privacy practices to meet compliance and build trust.

Share

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Videos

View More

Mitigating OWASP Top 10 for LLM Applications 2025

Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...

View More

DSPM vs. CSPM – What’s the Difference?

While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...

View More

Top 6 DSPM Use Cases

With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...

View More

Colorado Privacy Act (CPA)

What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...

View More

Securiti for Copilot in SaaS

Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...

View More

Top 10 Considerations for Safely Using Unstructured Data with GenAI

A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....

View More

Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes

As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...

View More

Navigating CPRA: Key Insights for Businesses

What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...

View More

Navigating the Shift: Transitioning to PCI DSS v4.0

What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...

View More

Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)

AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 14:21

AI Governance Is Much More than Technology Risk Mitigation

AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3

You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge

Watch Now View
Spotlight 47:42

Cybersecurity – Where Leaders are Buying, Building, and Partnering

Rehan Jalil
Watch Now View
Spotlight 27:29

Building Safe AI with Databricks and Gencore

Rehan Jalil
Watch Now View
Spotlight 46:02

Building Safe Enterprise AI: A Practical Roadmap

Watch Now View
Spotlight 13:32

Ensuring Solid Governance Is Like Squeezing Jello

Watch Now View
Spotlight 40:46

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

Watch Now View
Spotlight 10:05

Unstructured Data: Analytics Goldmine or a Governance Minefield?

Viral Kamdar
Watch Now View
Spotlight 21:30

Companies Cannot Grow If CISOs Don’t Allow Experimentation

Watch Now View
Spotlight 2:48

Unlocking Gen AI For Enterprise With Rehan Jalil

Rehan Jalil
Watch Now View

Latest

View More

From Trial to Trusted: Securely Scaling Microsoft Copilot in the Enterprise

AI copilots and agents embedded in SaaS are rapidly reshaping how enterprises work. Business leaders and IT teams see them as a gateway to...

The ROI of Safe Enterprise AI View More

The ROI of Safe Enterprise AI: A Business Leader’s Guide

The fundamental truth of today’s competitive landscape is that businesses harnessing data through AI will outperform those that don’t. Especially with 90% of enterprise...

Data Security Governance View More

Data Security Governance: Key Principles and Best Practices for Protection

Learn about Data Security Governance, its importance in protecting sensitive data, ensuring compliance, and managing risks. Best practices for securing data.

AI TRiSM View More

What is AI TRiSM and Why It’s Essential in the Era of GenAI

The launch of ChatGPT in late 2022 was a watershed moment for AI, introducing the world to the possibilities of GenAI. After OpenAI made...

Managing Privacy Risks in Large Language Models (LLMs) View More

Managing Privacy Risks in Large Language Models (LLMs)

Download the whitepaper to learn how to manage privacy risks in large language models (LLMs). Gain comprehensive insights to avoid violations.

View More

Top 10 Privacy Milestones That Defined 2024

Discover the top 10 privacy milestones that defined 2024. Learn how privacy evolved in 2024, including key legislations enacted, data breaches, and AI milestones.

Comparison of RoPA Field Requirements Across Jurisdictions View More

Comparison of RoPA Field Requirements Across Jurisdictions

Download the infographic to compare Records of Processing Activities (RoPA) field requirements across jurisdictions. Learn its importance, penalties, and how to navigate RoPA.

Navigating Kenya’s Data Protection Act View More

Navigating Kenya’s Data Protection Act: What Organizations Need To Know

Download the infographic to discover key details about navigating Kenya’s Data Protection Act and simplify your compliance journey.

Gencore AI and Amazon Bedrock View More

Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock

Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...

DSPM Vendor Due Diligence View More

DSPM Vendor Due Diligence

DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...

What's
New