Georgia

An Act to require information brokers to give notice to consumers of certain security breaches.

CITATION

Georgia Code § 10-1-911-912

SUMMARY

Any information broker or data collector that maintains computerized data that includes personal information of individuals must give notice of any breach of the security of the system following discovery or notification of the breach in the security of the data to any resident of Georgia whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person. The notice shall be made in the most expedient time possible and without unreasonable delay, consistent with the legitimate needs of law enforcement, or with any measures necessary to determine the scope of the breach and restore the reasonable integrity, security, and confidentiality of the data system.

DATA COVERED

Personal Information, which is defined as: “An individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:

  1. Social Security number;
  2. Driver's license number or state Identification Card number;
  3. Account number, credit card number, or debit card number, if circumstances exist wherein such a number could be used without additional identifying information, access codes, or passwords;
  4. Account passwords or personal identification numbers or other access codes; or
  5. Any of the items contained in 1 through 4 above when not in connection with the individual’s first name or first initial and last name, if the information compromised would be sufficient to perform or attempt to perform identity theft against the person whose information was compromised.”

INDUSTRY

Information Brokers: An information broker is defined as any person or entity who, for monetary fees or dues, engages in whole or in part in the business of collecting, assembling, evaluating, compiling, reporting, transmitting, transferring, or communicating information concerning individuals for the primary purpose of furnishing personal information to nonaffiliated third parties, but does not include any governmental agency whose records are maintained primarily for traffic safety, law enforcement, or licensing purposes.

PENALTIES

Administrative fine up to five hundred thousand dollars ($500,000) as follows: one thousand dollars ($1,000) for each day the breach goes undisclosed for each 30-day period and fifty thousand dollars ($50,000) thereafter for each 30-day period or portion thereof for up to 180 days.