Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect personal information
  • Written Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws from $500 per resident up to $50,000

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • If notification is required to more than 1,000 residents, it must be reported, without unreasonable delay, to all consumer reporting agencies with specific information.
  • Unauthorized acquisition includes acquisition by any paper-based method, any device (including a computer) when the information is represented in numerical form, or any other method.
  • A business or governmental agency must adopt written policies and procedures that relate to the adequate destruction and proper disposal of records containing personal information.
  • After due diligence, entering into a written contract with a third party engaged in the business of record destruction to dispose of records containing personal information.
  • An individual, a business, or a governmental agency that knowingly violates Article 4 Disposal of Records is liable to the state for a civil penalty not to exceed $3,000.
  • Written notification to the state attorney general is required prior to the notification decision.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
  • If an information recipient (vendor) is breached, they must report it to the information collector (data owner).  The data owner will be responsible to compete the reporting and consumer notification.
Statutes and Laws
  • AK Stat § 48.48. Personal Information Protection Act

    Ak Stat §§ 48.48.010 – .090 Breach of Security Involving Personal Information

    AK Stat §§ 45.48.400 – .480 Protection of Social Security Number

    AK Stat §§ 45.48.500 – .590 Disposal of Records

    AK Stat § 45-48-750 Truncation of Card Information

BAck to map