Ask Reggi Your Question Now
Can you summarize ARCO 4-110-105?
Personal Information Protection Act > Disclosure of security breaches.
Short Summary
The Personal Information Protection Act in Arkansas requires any person or business that acquires, owns, or licenses computerized data containing personal information to disclose any breach of the security of the system to affected residents of Arkansas. The disclosure must be made in a timely manner and without unreasonable delay, taking into account the needs of law enforcement and measures necessary to determine the scope of the breach and restore the integrity of the data system. If the breach affects the personal information of more than 1,000 individuals, the person or business must also disclose the breach to the Attorney General. Notification may be delayed if it would impede a criminal investigation, but must be made once the investigation is not compromised. The Act provides various methods of notification, including written notice, electronic mail notice, and substitute notice under certain conditions. A person or business that maintains its own notification procedures consistent with the Act’s timing requirements is deemed to be in compliance. The Act also requires retention of breach determinations and supporting documentation for five years and allows the Attorney General to request copies. Overall, the Act aims to ensure the disclosure of security breaches and protect the personal information of Arkansas residents.
Whom does it apply to?
Any person or business that acquires, owns, or licenses computerized data that includes personal information
What does it govern?
Disclosure of security breaches
What are exemptions?
Notification under this section is not required if, after a reasonable investigation, the person or business determines that there is no reasonable likelihood of harm to customers.
What are the Penalties?
No specific penalties mentioned.
Jurisdiction
Arkansas