Can I ensure that my company is compliant with expanding privacy protections in Arkansas? What are the requirements?

To ensure compliance with the expanding privacy protections in Arkansas, businesses must implement and maintain reasonable security procedures and practices to protect sensitive personal information, provide notice to affected individuals in the event of a data breach, develop and implement a written information security program, and comply with the filing requirements outlined in Arkansas Code Annotated § 4-27-120 ^[1.1].

In addition to the requirements under the APIPA, businesses must also comply with the standards established by the Arkansas Insurance Department for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information ^[2.1].

Exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information are outlined in Arkansas Administrative Code § 054.00.74-16 ^[3.1].

If your company offers health benefit plans to small employers in Arkansas, you must guarantee the availability of coverage to small employers as required by Arkansas Code § 23-86-312(a) and comply with the provisions of the Arkansas Insurance Code in their sales and solicitation of insurance, including, but not limited to, the Trade Practices Act, § 23-66-201 et seq., and the requirements of §§ 23-64-102(1) and 23-64-201 that all insurance must be sold by an agent licensed by the State Insurance Department ^[4.2].

Therefore, to ensure compliance with expanding privacy protections in Arkansas, businesses must implement and maintain reasonable security procedures and practices to protect sensitive personal information, provide notice to affected individuals in the event of a data breach, develop and implement a written information security program, comply with the filing requirements outlined in Arkansas Code Annotated § 4-27-120, comply with the standards established by the Arkansas Insurance Department for developing and implementing administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of customer information, comply with the exceptions to the notice and opt-out requirements for disclosure of nonpublic personal financial information outlined in Arkansas Administrative Code § 054.00.74-16, and guarantee the availability of coverage to small employers as required by Arkansas Code § 23-86-312(a) ^{[1.1][2.1][3.1][4.2]}.

Source(s):

• [1.1] Filing requirements. [Effective until May 1, 2021.]
• [2.1] Preamble
• [3.1] Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information
• [4.2] Health insurance purchasing group health benefits coverage requirements.

Jurisdiction

Arkansas

• Privacy