Can I store personal information about my customers in Arkansas? What are the requirements?

To store personal information about your customers in Arkansas, you must comply with the state’s laws and regulations regarding the protection and disposal of personal information.

Protection of Personal Information

Under ARCO 4-110-104, a person or business that acquires, owns, or licenses personal information about an Arkansas resident shall implement and maintain reasonable security procedures and practices appropriate to the nature of the information to protect the personal information from unauthorized access, destruction, use, modification, or disclosure.

Disposal of Personal Information

Under ARCO 18-16-412, a person or business shall take all reasonable steps to destroy or arrange for the destruction of a customer’s records within its custody or control containing personal information that is no longer to be retained by the person or business by shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any means.

Disclosure of Security Breaches

Under ARCO 4-110-105, any person or business that acquires, owns, or licenses computerized data that includes personal information shall disclose any breach of the security of the system following discovery or notification of the breach of the security of the system to any resident of Arkansas whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

Additionally, there are exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information under ARAR 054.00.74-16. These exceptions include disclosing nonpublic personal financial information with the consent or at the direction of the consumer, to protect the confidentiality or security of a licensee’s records pertaining to the consumer, to protect against or prevent actual or potential fraud or unauthorized transactions, and to comply with federal, state, or local laws, rules, and other applicable legal requirements.

Therefore, you can store personal information about your customers in Arkansas as long as you comply with the state’s laws and regulations regarding the protection and disposal of personal information and the exceptions to notice and opt-out requirements for disclosure of nonpublic personal financial information.

Jurisdiction

Arkansas

• Privacy