Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Arkansas
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay

FINES & PENALTIES – Violations
Up to $10,000

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Arkansas Privacy Law Information

PRIVACY PROGRAM

A person or organization that acquires, owns, or licenses personal information about an Arkansas resident must implement and maintain reasonable security procedures and practices to protect personal information.

BREACH REPORTING
If a breach affects more than 1,000 residents of Arkansas, regulatory reporting to the Attorney General is required and must be completed at the same time as consumer notification or within 45 days of breach determination. There are specific considerations when determining if a breach is reportable. Notifications may only be given by specific methods. Organizations must maintain supporting documents for any breach of security incidents for five years.
CONSUMER NOTIFICATION
If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
INDUSTRY SPECIFIC LAWS
A legal entity engaged in the business of insurance must provide consumer notification and regulatory reporting to the Insurance Commissioner without unreasonable delay.
VENDOR/THIRD PARTIES
Vendors must notify Organizations upon discovery of a breach or suspected breach. The Organization is responsible for submitting any required regulatory reporting and consumer notifications. Under Arkansas’ Personal Information Protection Act, “an entity that destroys records” is included in the definition of “business”. Vendors in the business of destroying records must have measures in place for the destruction of records containing personal information so the records are unreadable or undecipherable. Vendors in the business of destroying records must have procedures in place for the protection and security of personal information.
FINES & PENALTIES

Organizations may be fined or penalized for Vendor violations. Penalties may include liability for any monetary judgments, and right of action by the customers to recover actual damages or suspension of authorization to do business in Arkansas. Violations are punishable by the action of the Attorney General for Deceptive Trade Practices.

Arkansas Statutes and Laws

ARK. CODE § 4-88-101, et seq

Deceptive Trade Practices Act

ARKANSAS CODE §§ 4-110-101 – 4-110-108

Personal Information Protection Act

ARKANSAS CODE § 23-61-113

Disclosure of nonpublic personal information

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.