Idaho has not enacted a comprehensive consumer privacy law. Businesses are subject to data breach notification requirements and sector-specific regulations.
Idaho Privacy & Accessibility Laws
Idaho does not have a comprehensive consumer privacy law as of 2024. The state has enacted data breach notification requirements and sector-specific privacy protections. Idaho state agencies must ensure their digital services are accessible to individuals with disabilities under federal and state requirements.
→
Privacy Law Status
No Comprehensive Law
→
Accessibility Requirements
State Government Policy
Idaho state agencies must ensure websites and digital services are accessible under ADA Title II and state IT accessibility standards.
Idaho Privacy Regulations
While Idaho lacks a comprehensive privacy law, the state has enacted several important privacy protections:
Key Idaho Privacy Laws
- Idaho Data Breach Notification Law: Requires notification of security breaches affecting personal information
- Idaho Consumer Protection Act: Prohibits unfair or deceptive business practices
- Student Data Accessibility, Transparency and Accountability Act: Protects student educational data
- Idaho Medical Consent and Natural Death Act: Medical privacy protections
Data Breach Notification Requirements
| Requirement | Details |
|---|---|
| Covered Entities | Any person or business that owns or licenses computerized data containing personal information |
| Notification Timeline | Expedient manner, without unreasonable delay |
| AG Notification | Required if breach affects more than 500 Idaho residents |
| Covered Data | Name plus SSN, driver's license, financial account, or medical information |
| Penalties | Up to $25,000 per breach under Idaho Consumer Protection Act |
Accessibility Requirements
Idaho government agencies must ensure digital accessibility for all residents:
State Government Obligations
- Idaho state agencies must comply with ADA Title II for all public-facing digital content
- Office of Information Technology Services provides accessibility guidance
- State websites should follow WCAG 2.1 Level AA guidelines
- Public educational institutions must ensure accessible digital learning materials
- State procurement policies encourage vendor accessibility compliance
Private Sector Considerations
- Businesses with physical locations in Idaho are subject to ADA Title III
- Website accessibility claims can be brought under federal ADA
- Healthcare providers must ensure accessible patient portals under HIPAA and ADA
- Financial institutions must provide accessible online banking services
Enforcement
→
Privacy Enforcement
- Idaho Attorney General - Consumer protection and data breach enforcement
- Consumer Protection Division - Investigates complaints
- Idaho Department of Finance - Financial data protection
Contact:
Office of the Attorney General
Consumer Protection Division
954 W. Jefferson Street, 2nd Floor
Boise, ID 83702
(208) 334-2424
→
Accessibility Enforcement
- U.S. Department of Justice - ADA Title II and III enforcement
- Idaho Human Rights Commission - State disability discrimination
- Private litigation - Individuals can bring ADA claims
Contact:
Disability Rights Idaho
4477 Emerald Street, Suite B-100
Boise, ID 83706
(208) 336-5353
Business Obligations
| Obligation | Description |
|---|---|
| Data Security | Implement reasonable security measures to protect personal information |
| Breach Notification | Notify affected individuals expeditiously and notify AG for 500+ resident breaches |
| Student Data | EdTech companies must follow Student Data Act requirements |
| Data Disposal | Properly dispose of records containing personal information |
| Consumer Protection | Cannot engage in unfair or deceptive data practices |
Consumer Rights
Idaho residents have the following privacy rights:
- Breach Notification: Right to timely notice of data breaches affecting personal information
- Consumer Protection: Protection against unfair or deceptive data practices
- Student Data Rights: Parents and students have rights regarding educational data
- Credit Freeze: Right to place security freezes on credit reports
- Medical Privacy: Rights under HIPAA and state medical privacy laws
- Data Disposal: Right to proper disposal of records containing personal data
Future Legislation
Idaho legislators have considered comprehensive privacy legislation in recent sessions. While no comprehensive law has passed, businesses should monitor legislative developments and prepare for potential future requirements.
Related Resources
- US Privacy Laws Overview
- ADA Title II Requirements
- ADA Title III for Businesses
- All State Laws
- Privacy Compliance Guide
- Report a Violation
Need Help with Idaho Compliance?
While Idaho lacks a comprehensive privacy law, businesses must still comply with data breach notification requirements, student data protections, and federal accessibility standards. Contact our experts for guidance on meeting your obligations.