Securiti leads GigaOm's DSPM Vendor Evaluation with top ratings across technical capabilities & business value.

View

South Dakota's Data Protection Law: A Comprehensive Guide

Published December 18, 2024 / Updated March 10, 2025

Contributors

Anas Baig

Product Marketing Manager at Securiti

Muhammad Ismail

Assoc. Data Privacy Analyst at Securiti

Adeel Hasan

Sr. Data Privacy Analyst at Securiti

CIPM, CIPP/Canada

Currently, South Dakota doesn't have a comprehensive data privacy law. You can visit our US State Privacy Laws Tracker to stay updated on the progress of privacy-related bills across the US.

Data protection laws have become a necessity in the current era. More and more countries are formulating or implementing such laws to enhance data safeguards and provide consumers with privacy rights.

Data privacy and protection laws exist in the United States at different levels.

Federal and sectoral laws like the Children’s Online Privacy Protection Act and the Fair Credit Reporting Act have limited material and territorial scopes. State-level comprehensive data privacy laws, with wider application and scope, include the California Consumer Protection Act and the Colorado Privacy Act.

However, not every state has an established comprehensive privacy law. In such an event, businesses operating in the state should still follow the best compliance practices to stay compliant with federal and sectoral laws and build customer trust.

The blog aims to offer readers a brief overview of the current status of data privacy laws in South Dakota.

Understanding South Dakota's Data Protection Law

South Dakota Breach Notification Law (Section 22-40-20 of South Dakota Codified Laws) mandates that organizations must notify data owners not later than sixty days from the discovery or notification of the breach of system security unless a longer period of time is required due to the legitimate needs of law enforcement, in the event their system security is breached due to any unauthorized access, compromising the security, confidentiality, and integrity of the data. Notification laws are common in most states as the regulation enables organizations to be proactive in preventing and mitigating data breach incidents and also notifying the impacted individuals so they may take necessary measures to protect their sensitive data accordingly.

The Children’s Online Privacy Protection Act (COPPA) is a federal data protection law that emphasizes protecting minors' privacy, i.e., children under the age of 13 years of age. The privacy of minors is taken seriously not only in the US but also in other countries globally. Hence, businesses must implement appropriate privacy and security controls around the data of minors to prevent any legal consequences.

Similar other laws, such as the Fair Credit Reporting Act (FCRA) and Gramm-Leach-Bliley Act (GLBA), exist to protect certain categories of personal and sensitive personal data.

Best Practices

  • Businesses must learn more about federal, sectoral, and state-specific laws and examine the territorial scope.
  • Businesses must conduct a thorough data asset and sensitive data discovery process to identify all data in the environment. Further data classification and cataloging enable businesses to categorize the data with labels and tags.
  • Businesses should also create and automate privacy policies that inform users about data collection and processing practices and purposes.
  • Appropriate security measures should be employed, such as data security policies, access policies and controls, etc.
  • Businesses must minimize their data collection to only what is reasonably necessary and specific to the purpose. This allows businesses to reduce risks associated with collecting large volumes.

Conclusion

Though South Dakota has yet to establish a state-wide data privacy law, it recognizes the importance of residents’ data protection. Hence, businesses must proactively streamline their privacy practices to meet compliance and build trust.

Share

Join Our Newsletter

Get all the latest information, law updates and more delivered to your inbox

Videos

View More

Mitigating OWASP Top 10 for LLM Applications 2025

Generative AI (GenAI) has transformed how enterprises operate, scale, and grow. There’s an AI application for every purpose, from increasing employee productivity to streamlining...

View More

DSPM vs. CSPM – What’s the Difference?

While the cloud has offered the world immense growth opportunities, it has also introduced unprecedented challenges and risks. Solutions like Cloud Security Posture Management...

View More

Top 6 DSPM Use Cases

With the advent of Generative AI (GenAI), data has become more dynamic. New data is generated faster than ever, transmitted to various systems, applications,...

View More

Colorado Privacy Act (CPA)

What is the Colorado Privacy Act? The CPA is a comprehensive privacy law signed on July 7, 2021. It established new standards for personal...

View More

Securiti for Copilot in SaaS

Accelerate Copilot Adoption Securely & Confidently Organizations are eager to adopt Microsoft 365 Copilot for increased productivity and efficiency. However, security concerns like data...

View More

Top 10 Considerations for Safely Using Unstructured Data with GenAI

A staggering 90% of an organization's data is unstructured. This data is rapidly being used to fuel GenAI applications like chatbots and AI search....

View More

Gencore AI: Building Safe, Enterprise-grade AI Systems in Minutes

As enterprises adopt generative AI, data and AI teams face numerous hurdles: securely connecting unstructured and structured data sources, maintaining proper controls and governance,...

View More

Navigating CPRA: Key Insights for Businesses

What is CPRA? The California Privacy Rights Act (CPRA) is California's state legislation aimed at protecting residents' digital privacy. It became effective on January...

View More

Navigating the Shift: Transitioning to PCI DSS v4.0

What is PCI DSS? PCI DSS (Payment Card Industry Data Security Standard) is a set of security standards to ensure safe processing, storage, and...

View More

Securing Data+AI : Playbook for Trust, Risk, and Security Management (TRiSM)

AI's growing security risks have 48% of global CISOs alarmed. Join this keynote to learn about a practical playbook for enabling AI Trust, Risk,...

Spotlight Talks

Spotlight 13:38

Accelerating Miracles — How Sanofi is Embedding AI to Significantly Reduce Drug Development Timelines

Sanofi Thumbnail
Watch Now View
Spotlight 10:35

There’s Been a Material Shift in the Data Center of Gravity

Watch Now View
Spotlight 14:21

AI Governance Is Much More than Technology Risk Mitigation

AI Governance Is Much More than Technology Risk Mitigation
Watch Now View
Spotlight 12:!3

You Can’t Build Pipelines, Warehouses, or AI Platforms Without Business Knowledge

Watch Now View
Spotlight 47:42

Cybersecurity – Where Leaders are Buying, Building, and Partnering

Rehan Jalil
Watch Now View
Spotlight 27:29

Building Safe AI with Databricks and Gencore

Rehan Jalil
Watch Now View
Spotlight 46:02

Building Safe Enterprise AI: A Practical Roadmap

Watch Now View
Spotlight 13:32

Ensuring Solid Governance Is Like Squeezing Jello

Watch Now View
Spotlight 40:46

Securing Embedded AI: Accelerate SaaS AI Copilot Adoption Safely

Watch Now View
Spotlight 10:05

Unstructured Data: Analytics Goldmine or a Governance Minefield?

Viral Kamdar
Watch Now View

Latest

AI System Observability: Go Beyond Model Governance View More

AI System Observability: Go Beyond Model Governance

Across industries, AI systems are no longer just tools acting on human prompts. The AI landscape is evolving rapidly, and AI systems are gaining...

View More

Securiti Accelerates Secure Agentic AI Deployments with NVIDIA Enterprise AI Factory

Still adapting to  the initial Gen AI boom, the IT industry is now undergoing another profound evolution- the rise of Agentic AI. AI has...

Enterprise Data Security View More

What is Enterprise Data Security?

Get comprehensive insights into enterprise data security, what it is, its importance, key components, and how Securiti helps ensure the utmost enterprise data security.

Cloud Security Posture Management View More

What is Cloud Security Posture Management (CSPM)?

Learn the importance of CSPM for modern enterprises, the core capabilities to consider, and clears several misconceptions related to it.

Mastering Cookie Consent: Global Compliance & Customer Trust View More

Mastering Cookie Consent: Global Compliance & Customer Trust

Discover how to master cookie consent with strategies for global compliance and building customer trust while aligning with key data privacy regulations.

Why Data Access Is Your Weakest Link—And How DSPM Fixes It View More

Why Data Access Is Your Weakest Link—And How DSPM Fixes It

Learn how DSPM provides unified Data+AI Access governance, offering contextual data intelligence, automated controls, safe AI+data access, and consistent least-privilege enforcement.

The European Health Data Space Regulation View More

The European Health Data Space Regulation: A Legislative Timeline and Implementation Roadmap

Download the infographic on the European Health Data Space Regulation, which features a clear timeline and roadmap highlighting key legislative milestones, implementation phases, and...

Comparison of RoPA Field Requirements Across Jurisdictions View More

Comparison of RoPA Field Requirements Across Jurisdictions

Download the infographic to compare Records of Processing Activities (RoPA) field requirements across jurisdictions. Learn its importance, penalties, and how to navigate RoPA.

Gencore AI and Amazon Bedrock View More

Building Enterprise-Grade AI with Gencore AI and Amazon Bedrock

Learn how to build secure enterprise AI copilots with Amazon Bedrock models, protect AI interactions with LLM Firewalls, and apply OWASP Top 10 LLM...

DSPM Vendor Due Diligence View More

DSPM Vendor Due Diligence

DSPM’s Buyer Guide ebook is designed to help CISOs and their teams ask the right questions and consider the right capabilities when looking for...

What's
New