Can I ignore my obligations as a service provider with access to personal information in Arkansas? What are the requirements?

Based on the context documents, as a service provider with access to personal information in Arkansas, you cannot ignore your obligations. You are required to implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure ^[1.1]. Additionally, any person or business that acquires, owns, or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of Arkansas whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person ^[1.2]. Failure to comply with these requirements may result in legal consequences.

There are no additional requirements or exceptions mentioned in the context documents that would allow a service provider to ignore their obligations. Therefore, it is important to comply with the requirements mentioned above to avoid legal consequences.

Source(s):

• [1.1] Protection of personal information.
• [1.2] Disclosure of security breaches.

Jurisdiction

Arkansas

• Privacy