Can I skip having an information security program in place in Arkansas? What are the requirements?

Based on the documents provided, it is not possible to skip having an information security program in place in Arkansas. The Arkansas Cyber Initiative was created to improve cybersecurity and the economy of the state through improving cyber infrastructure, increasing the focus on cyber job-creating research activities, and expanding cyber job-creating research activities toward producing more knowledge-based and high-technology cyber jobs in this state ^[1.2]. Additionally, a person or business that acquires, owns, or licenses personal information about an Arkansas resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure ^[2.1].

Therefore, it is required to have an information security program in place in Arkansas to protect personal information and improve cybersecurity.

Requirements for an information security program in Arkansas are not explicitly stated in the documents provided. However, the Arkansas Information Systems Act of 1997 gives the Office of Information Technology the authority to define standards, policies, and procedures to manage the information resources within the state ^[5.1]. It is recommended to consult with the Office of Information Technology for specific requirements for an information security program in Arkansas.

In summary, it is not possible to skip having an information security program in place in Arkansas, and specific requirements for an information security program in Arkansas are not provided in the documents provided.

Source(s):

• [2.1] Protection of personal information.
• [1.2] Arkansas Cyber Initiative — Creation — Powers and duties.
• [5.1] Background

Jurisdiction

Arkansas

• Privacy