Can you summarize GACO 10-1-912?

Short Summary

This legal document, known as the Georgia Personal Identity Protection Act, governs the notification requirements upon a breach of security regarding personal information. It applies to information brokers, data collectors, and persons or businesses maintaining computerized data on behalf of information brokers or data collectors. The document mandates that any breach of security must be promptly notified to any resident of Georgia whose unencrypted personal information was acquired by an unauthorized person. The notification should be made without unreasonable delay, considering the needs of law enforcement or measures necessary to determine the scope of the breach and restore the integrity, security, and confidentiality of the data system. If the breach involves more than 10,000 residents, consumer reporting agencies must also be notified. However, notification may be delayed if it compromises a criminal investigation. The document does not specify any penalties for non-compliance or violation.

Whom does it apply to?

Information brokers, data collectors, persons or businesses maintaining computerized data on behalf of information brokers or data collectors

What does it govern?

Notification required upon breach of security regarding personal information

What are exemptions?

Notification may be delayed if it compromises a criminal investigation

What are the Penalties?

Not specified

Jurisdiction

Georgia

Source

GACO 10-1-912 [https://reggi.cloud.regology.com/regulations/US-GACO/US-GACO_T_10_C_1_SC_34_S_912]

• Banking