Can I share personal information about my customers with third parties in Arkansas? What are the requirements?

Sharing Personal Information with Third Parties in Arkansas

In Arkansas, a person or business that acquires, owns, or licenses personal information about an Arkansas resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure ^[1.1](^[2.1]:).

A licensee may disclose nonpublic personal financial information to nonaffiliated third parties only after providing the consumer with an initial notice and an opt-out notice, and the consumer does not opt-out ^[2.2](^[2.4]:).

A licensee may disclose nonpublic personal financial information to a nonaffiliated third party under an exception in Sections 15 and 16 of the regulation, in the ordinary course of business to carry out the activity covered by the exception under which the licensee received the information ^[2.4].

Requirements for Sharing Personal Information with Third Parties in Arkansas

To share personal information with third parties in Arkansas, you must:

1. Implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure ^[1.1](^[2.1]:).
2. Provide the consumer with an initial notice and an opt-out notice, and the consumer does not opt-out before disclosing nonpublic personal financial information to nonaffiliated third parties ^[2.2](^[2.4]:).
3. Disclose nonpublic personal financial information to a nonaffiliated third party under an exception in Sections 15 and 16 of the regulation, in the ordinary course of business to carry out the activity covered by the exception under which the licensee received the information ^[2.4].

Additionally, a licensee may not disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless the licensee has provided to the consumer an initial notice, an opt-out notice, and given the consumer a reasonable opportunity to opt-out of the disclosure ^[2.1].

Furthermore, any person or business that acquires, owns, or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of Arkansas whose unencrypted personal information was compromised ^[1.2].

Therefore, to share personal information with third parties in Arkansas, you must comply with the above requirements and disclose any security breaches to affected residents.

^[1.2]:

Source(s):

• [1.1] Protection of personal information.
• [2.1] Limits on Disclosure of Nonpublic Personal Financial Information to Nonaffiliated Third Parties
• [2.2] Other Exceptions to Notice and Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information
• [2.4] Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information
• [1.2] Disclosure of security breaches.

Jurisdiction

Arkansas

• Privacy