Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance

Can I skip having an information security program in place in Arizona? What are the requirements?

October 18, 2023

Based on the documents provided, it is not possible to skip having an information security program in place in Arizona.

The Arizona Revised Statutes (AZRS) 41-4282 establishes the statewide information security and privacy office, which is responsible for developing, implementing, maintaining, and ensuring compliance with statewide information security policies and a coordinated statewide assurance plan for information security and privacy. Additionally, the office is responsible for monitoring and reporting compliance of each budget unit with state information security and privacy protection policies, standards, and procedures.

Furthermore, R20-6-2103 requires that a licensee’s customer information security program be designed to ensure the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of the information, and protect against unauthorized access to or use of the information.

AZRS 18-202 requires that an agency web site provided by the state contain a privacy policy statement to disclose the information gathering and dissemination practices related to the internet. The privacy policy statement shall describe at a minimum the agency’s information practices with regard to several matters, including the security measures in place to protect a person’s information without compromising the integrity of the security measures.

Therefore, it is mandatory to have an information security program in place in Arizona, and the program must comply with the requirements set forth in the relevant statutes and regulations. ^[2.1]^[3.1]^[4.1]^[3.2]^[4.2]

Source(s):

Jurisdiction

Arizona

Privacy