N.D. Cent. Code § 13-01.2-02 (2025)
1. A financial corporation shall develop, implement, and maintain a comprehensive information security program.
2. The information security program must: a. Be written in one or more readily accessible parts; and b. Maintain administrative, technical, and physical safeguards that are appropriate to the financial corporation's size and complexity, the nature and scope of the financial corporation's activities, and the sensitivity of any customer information at issue.
3. The financial corporation shall develop a security program that: a. Ensures the security and confidentiality of customer information; b. Protects against any anticipated threats or hazards to the security or integrity of such information; and c. Protects against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.