| Security Breach Notification Act (S.B. 1338) | |
|---|---|
| CITATION | Ariz. Rev. Stat. § 44-7501 |
| ENACTED | 2006 |
| SUMMARY | Any person that conducts business in Arizona and owns or licenses computerized data that includes personal information or maintains such data is covered by the Act. Notice is required if, after reasonable investigation, it is determined that security has been breached. This law is to be repealed one year after the effective date of any federal personal data privacy and security act. To date, this condition has not been met. |
| DATA COVERED | The law covers ‘Personal Information’ which is defined as an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when the data is not encrypted, redacted or secured by any other method rendering the element unreadable or unusable: |
| INDUSTRY | The law applies to any business or individual conducting business in Arizona who becomes aware of an incident of unauthorized acquisition and access to unencrypted or unredacted computerized data that includes an individual’s personal information. |
| PENALTIES | The State Attorney General is the only individual authorized to enforce the law. The Attorney General may bring an action to obtain actual damages for a willful and knowing violation and a civil penalty not to exceed ten thousand dollars ($10,000) per breach of the security of the system or series of breaches of a similar nature that are discovered in a single investigation. |