It seems every day we hear about a data breach or fragile digital ecosystem failing to protect the information of customers, users and companies. From Facebook’s recent release of user information to talk of Russian interference during the previous general election, data security is the most important issue facing companies, municipalities, governments, and education systems in terms of integrity and overall safety.
State policymakers are asking Arizona companies to stay hyper-vigilant in protecting customer information.
The new bill, HB 2154, updates the state’s data breach statutes with definitions that include unique biometric data and electronic signatures, methods that can be used in identity theft. Simultaneously the bill strengthens protections for consumers and adds notification requirements for those who fall victim to data breaches.
Companies are required to work loosely with local law enforcement and notify the attorney general as soon as data security is threatened. When a business of any size in Arizona suspects it has been breached they are required to conduct a thorough investigation into the incident, according to the new law. If they discover a breach, they must notify the state attorney general in writing and begin notifying each individual affected within 45 days.
The new law aims to help protect individuals and businesses from data mishandling that could put consumer information in the wrong hands.
Arizona Attorney General Mark Brnovich authored the bill, which was sponsored by Rep. T.J. Shope. He says the bill holds businesses accountable for overall security in data protection.
“Consumers have a right to know when their sensitive information has been breached so they can protect themselves from financial loss,” Brnovich said in a statement. “A key component of the legislation was notification to the Attorney General’s Office of a breach. My office will be better positioned to investigate massive breaches in the future and assist consumers to protect their assets from theft.”
The bill sets the clock to handle a data breach at 45 days, making it imperative for businesses to contact those affected within that time frame. Prior to HB 2154 there was no definitive window of time to announce data breach issues. This past spring, as more revelations of poor data management came to light, a number of states and local governments passed stricter data breach laws like the one in Arizona.