Can I collect location information from participants in Georgia? What are the requirements?

Based on the provided documents, it appears that there are no specific requirements related to collecting location information from participants in Georgia. However, if you plan to collect personal information, including location information, you may need to comply with certain rules.

Personal Information Protection

Georgia has enacted the Georgia Personal Identity Protection Act (GPIPA) which requires entities that collect personal information to implement reasonable procedures to protect that information from unauthorized access, destruction, use, modification, or disclosure. GPIPA defines personal information as an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted: (1) Social Security number; (2) driver’s license number or state identification card number; (3) account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual’s financial account; (4) account number, credit or debit card number, or any other number or code that can be used to access a person’s financial resources without additional identifying information, security code, access code, or password; (5) any information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional; (6) an individual’s health insurance policy number or subscriber identification number and any unique identifier used by a health insurer to identify the individual; or (7) user name or email address, in combination with a password or security question and answer that would permit access to an online account.

Notice of Unauthorized Access to Personal Information

Additionally, GARR Rule 80-14-1-.05 requires that in the event of a data breach that results in access or likely access to unencrypted personal information, a licensee or an affiliate of a licensee is required to provide notice to Georgia residents. A duplicate of the notification will simultaneously be submitted to the Department.

It is recommended that you consult with a legal professional to ensure compliance with all applicable laws and regulations.

^{[2.1][3.1][2.3][4.1]}

Source(s):

• [2.1] Georgia Technology Authority successor in interest to Georgia Information Technology Policy Council.
• [3.1] Establishment of Georgia Data Access Forum; composition; membership.
• [2.3] Authority of public agencies that maintain geographic information systems to contract for the provision of services; fees; contract provisions.
• [4.1] Establishment of center; staff and equipment generally; State Personnel Board status of personnel.

Jurisdiction

Georgia, Georgia

• Privacy