Can I skip having an information security program in place in Georgia? What are the requirements?

In Georgia, it is not recommended to skip having an information security program in place. The Georgia Computer Security Act of 2005 requires all state agencies to establish and maintain an information security program ^[4.1]. Additionally, if a licensee provides notice under applicable federal or state law of an information security incident involving unauthorized access to personal information, then the licensee shall simultaneously provide a duplicate of such disclosure to the Department ^[1.2]. Furthermore, public employers, their contractors, and subcontractors are required to verify new employee work eligibility through a federal work authorization program ^[3.1]. Therefore, it is important to have an information security program in place in Georgia.

Source(s):

• [1.2] Notice of Unauthorized Access to Personal Information
• [3.1] Public Employers, Their Contractors and Subcontractors Required to Verify New Employee Work Eligibility Through a Federal Work Authorization Program
• [4.1] Short title.

Jurisdiction

Georgia, Georgia

• Privacy