Can I avoid having a data breach response plan in Arkansas? What are the requirements?

Data Breach Response Plan Requirements in Arkansas

Arkansas law does not have a specific requirement for a data breach response plan. However, any person or business that acquires, owns, or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of Arkansas whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person ^[2.1].

It is recommended that insurers have a data breach response plan in place to protect their customers’ personal information and comply with other applicable laws and regulations. A person or business that acquires, owns, or licenses personal information about an Arkansas resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure ^[2.2].

Other Relevant Requirements

To comply with Arkansas law, insurers must have an antifraud plan approved by the commissioner ^[1.1][1.2]. Fraud investigators who are employees of an insurer shall be qualified by education, experience, or training in the detection, investigation, and proper reporting of suspected fraudulent insurance acts, and shall complete a minimum of three (3) hours of continuing education annually in the detection, investigation, and proper reporting of suspected fraudulent insurance acts ^[1.3].

Source(s):

• [1.1] Antifraud Initiative Requirements
• [2.1] Disclosure of security breaches.
• [1.2] Antifraud Plans
• [1.3] Fraud Investigators and Independent Contractors
• [2.2] Protection of personal information.

Jurisdiction

Arkansas

• Privacy