South Dakota

Privacy Law Status

Comprehensive Privacy Law

South Dakota currently does not have a comprehensive data privacy law in effect or under consideration[1][2]. Unlike states such as California, Virginia, and Colorado that have enacted broad consumer privacy legislation, South Dakota has not introduced similar comprehensive protections for residents’ personal data. This means South Dakota residents do not have statutorily guaranteed rights to access, delete, or control the sale of their personal information by businesses.

However, South Dakota does maintain a data breach notification law that requires businesses to inform residents when their personal information has been compromised in a security incident[3][4]. This law, enacted in March 2018, made South Dakota the 49th state to establish breach notification requirements, leaving only Alabama without such protections at that time.

Legislative Activity

Recent legislative sessions in South Dakota have not included any comprehensive data privacy bills similar to those passed in other states[5]. The 2025 legislative session, which concluded in March 2025, focused primarily on issues such as voting access, Medicaid expansion, and property tax relief rather than data privacy protections[6]. While many states across the nation continue to introduce and pass comprehensive privacy legislation, South Dakota lawmakers have not prioritized this area of consumer protection.

The most recent privacy-related legislative activity in South Dakota was the passage of Senate Bill 62 in 2018, which established the state’s data breach notification requirements[7][4]. Since then, there has been no significant movement toward comprehensive privacy legislation at the state level.

Implementation Timeline

South Dakota’s data breach notification law took effect on July 1, 2018[4]. There are currently no scheduled dates for implementing comprehensive privacy protections, as no such legislation has been introduced or is under active consideration. Without legislative action, South Dakota residents will continue to rely primarily on federal privacy laws and the state’s existing breach notification requirements for data protection.

Residents interested in comprehensive privacy protections may need to advocate for legislative action or wait for potential federal privacy legislation that would apply nationwide. The absence of a timeline for privacy law development in South Dakota contrasts with the active legislative schedules in other states that continue to strengthen their data protection frameworks.

Your Rights as a South Dakota Resident

Under current South Dakota law, residents have very limited data privacy rights compared to other states with comprehensive privacy legislation.

Right to breach notification: You must be notified within 60 days if a business discovers that your personal information was accessed by unauthorized individuals, unless the company determines the breach is unlikely to cause harm[3][8]
Right to attorney general notification: When a breach affects more than 250 South Dakota residents, the state Attorney General must be informed, providing government oversight of significant data incidents[3][9]
Constitutional privacy protections: South Dakota recognizes privacy rights in its state constitution, including protections against intrusion upon seclusion, appropriation of likeness, public disclosure of private facts, and false light invasion of privacy[1]
Federal law protections: You retain rights under federal privacy laws such as HIPAA for health information, FERPA for educational records, and the Fair Credit Reporting Act for credit information
Consumer protection remedies: You can file complaints with the South Dakota Division of Consumer Protection for deceptive business practices, though this does not provide specific data privacy rights[10][11]

Unlike residents of states with comprehensive privacy laws, South Dakota residents cannot legally demand that businesses delete their personal information, stop selling their data to third parties, or provide detailed information about data collection and sharing practices.

Business Requirements

South Dakota imposes limited data protection requirements on businesses compared to states with comprehensive privacy laws.

Breach notification compliance: Any business that owns or retains personal information of South Dakota residents must notify affected individuals within 60 days of discovering a security breach[3][12]
Attorney General reporting: Companies must notify the South Dakota Attorney General within 60 days if a breach affects more than 250 state residents[3][8]
Risk assessment documentation: Businesses that determine a breach is unlikely to cause harm must document this decision and retain records for at least three years[12]
Credit reporting agency notification: Companies must notify nationwide consumer reporting agencies without unreasonable delay for any breach requiring individual notifications[4][8]
Federal law compliance: Businesses regulated by federal privacy laws like HIPAA or Gramm-Leach-Bliley are deemed compliant with state requirements if they follow applicable federal notification procedures[3]
Penalty exposure: Non-compliant businesses face civil penalties up to $10,000 per day per violation, enforceable by the Attorney General[3][9]

Practical Impact

Limited daily privacy protection: South Dakota residents have fewer tools to control how businesses collect, use, and share their personal information compared to residents of states like California, Virginia, or Colorado with comprehensive privacy laws
Breach awareness benefits: The state’s notification law ensures you learn about security incidents affecting your personal information, allowing you to take protective steps like monitoring credit reports or changing passwords[8]
Consumer complaint process: You can file complaints about deceptive business practices with the Division of Consumer Protection, though these may not address privacy-specific concerns[10][11]
Gap in proactive protection: Without comprehensive privacy rights, you cannot proactively request information about data collection or demand deletion of personal information from business databases
Federal law dependency: Your privacy protections primarily depend on federal laws and the privacy policies of individual companies rather than state-guaranteed rights

Comparison Context

Behind leading privacy states: South Dakota lacks the comprehensive privacy frameworks found in California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other states that provide broad consumer data rights
Basic breach protection only: While South Dakota has breach notification requirements similar to other states, it lacks the additional privacy rights that many states now provide, such as data access, deletion, and opt-out rights
No private right of action: Unlike some state privacy laws, South Dakota residents cannot sue companies directly for privacy violations under state law; enforcement is handled exclusively by the Attorney General[3]
Missing modern protections: South Dakota residents do not benefit from emerging privacy protections like opt-out rights for data sales, algorithmic decision-making transparency, or sensitive data processing restrictions that other states have implemented
Federal law reliance: South Dakota residents depend more heavily on federal privacy protections and company voluntary policies than residents of states with comprehensive privacy legislation

Action Steps for Residents

Monitor breach notifications: Stay alert for data breach notifications from companies and take recommended protective actions like credit monitoring or password changes when notified
Leverage federal rights: Exercise your rights under federal laws like HIPAA for health records, FERPA for educational records, and credit reporting laws for financial information
Review privacy policies: Carefully read company privacy policies and opt-out of data sharing where voluntary options are available
File consumer complaints: Report deceptive business practices to the South Dakota Division of Consumer Protection, even if privacy-specific remedies are limited
Advocate for legislation: Contact your state legislators to express support for comprehensive privacy legislation if you believe South Dakota should strengthen its data protection laws
Use privacy tools: Employ browser privacy settings, ad blockers, and other technical tools to limit data collection where possible

Official Resources and Contact Information

South Dakota Legislature

Contact your state legislators to advocate for privacy legislation or ask questions about current laws. You can find your specific district representatives and their contact information at the official legislature website.

Legislative Research Council:
Email: LRC@sdlegislature.gov
Phone: (605) 773-3251
Website: https://sdlegislature.gov/ContactUs/

Consumer Protection and Privacy Complaints

The South Dakota Division of Consumer Protection handles complaints about deceptive business practices and can provide guidance on consumer rights.

Division of Consumer Protection:
Office of Attorney General
1302 E Highway 1889, Suite 3
Pierre, SD 57501
Phone: (605) 773-4400
Toll-free (in-state): 1-800-300-1986
Email: consumerhelp@state.sd.us
Website: https://consumer.sd.gov/

Finding Your Local Representatives

To contact your specific state senators and representatives about privacy issues, use the South Dakota Legislature’s district lookup tool or contact information directory.

Legislature Contact Directory:
Website: https://sdlegislature.gov/
Phone: (605) 773-3251

Data Breach Reporting

If you are a business that has experienced a data breach affecting South Dakota residents, or if you need to report a suspected violation of the state’s breach notification law:

South Dakota Attorney General:
1302 E Highway 1889, Suite 1
Pierre, SD 57501
Phone: (605) 773-3215
Website: https://atg.sd.gov/

Sources and Citations

[1] www.centraleyes.com/privacy-laws/south-dakota/

[2] idscan.net/id-scanning-laws/south-dakota/

[3] www.ciab.com/state-laws-regs/data-security-south-dakota-2/

[4] www.quarles.com/newsroom/publications/south-dakota-officially-the-49th-state-to-pass-data-breach-notification-law

[5] www.ncsl.org/technology-and-communication/2024-consumer-data-privacy-legislation

[6] states.aarp.org/south-dakota/2025sdsessionrecap

[7] www.winston.com/en/blogs-and-podcasts/privacy-law-corner/south-dakota-legislature-approves-data-breach-notification-bill

[8] www.insureon.com/small-business-insurance/cyber-liability/data-breach-laws/south-dakota

[9] consumer.sd.gov/consumeralerts/databreachbill_02-21-2018.aspx

[10] consumer.sd.gov/whoweare.aspx

[11] www.helplinecenter.org/resourcedb/88066395-consumer-protection-office-at-consumer-protection-office-at-pierre-e-highway-14/

[12] www.dwt.com/gcp/states/south-dakota

Last Updated August 2025. Written with contributions from both human authors and Perplexity AI. If you find incorrect or outdated information let us know at support@optery.com.