Data Breach Notification Laws in Arkansas


What are the laws for data breach notification in Arkansas?

Statute Codes for Breach Notification Laws in Arkansas

The Personal Information Protection Act in Arkansas is outlined under Ark. Code § 4-110-101 et seq. S.B. 1167, Act 1526, was signed into law as of March 31, 2005, and became effective August 12, 2005.

Legal Requirements for Breach Notification

This law pertains to entities (including individuals, businesses, or state agencies) that acquire, own, or license computerized data containing personal information (PI). It applies specifically to data about Arkansas residents, regardless of whether the entity is local to Arkansas. An Arkansas security breach occurs when resident PI is acquired in an unauthorized way, and not in good faith. The acquisition must in some way compromise the integrity, security, or confidentiality of the affected parties' PI.

PI is defined as a first and last name, including first initials, in combination with other pertinent information. That information can include SSNs; driver’s license and ID numbers; financial data like account numbers, passwords, PINs, or anything else compromising financial activity; or medical information.

Timeframes for Notification After a Data Breach Occurs

When a breach is discovered, an entity must inform affected Arkansas residents as soon as reasonably possible. If an investigation proves there is no reasonable expectation of harm, notification isn’t necessary. If the entity manages information owned by a third party, that third party must be notified in the event a PI breach occurs, provided it’s feasible that an unauthorized individual has acquired this PI.

Notice can be given in writing, or by email provided the email outreach follows the E-Sign Act (15 U.S.C. § 7001). Substitute notice options can be used if it can be demonstrated that notification will cost the entity $250,000 or more, that more than 500,000 people have been impacted by the PI breach, or that there isn’t enough contact information to reach affected parties.

Exemptions in Arkansas

Entities that maintain their own notification procedures for PI breaches, consistent with the statute’s timing, will be considered compliant with the statute, provided affected persons are properly notified in the event of a breach.

Contact Security Compliance Associates to Learn More About Data Breach Notification Laws in Arkansas

SCA has years of experience helping organizations across the United States to prevent and manage potential data breaches. Contact us today at 727-571-1141 to schedule a no-cost consultation. You can also download our free Data Breach Response Guide to learn more about breach notification law in your state.