Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws:
- up to $10,000

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Other penalties include liability for any monetary judgements, and right of action by the customers to recover actual damages, suspension of authorization to do business in Arkansas.
  • There are specific considerations when determining if a breach is reportable.
  • Notifications may only be given by specific methods.
  • A person or business that acquires, owns, or licenses personal information about an Arkansas resident must implement and maintain reasonable security procedures and practices to protect the personal information.
  • A legal entity engaged in the business of insurance must provide notification of a data breach to the Insurance Commissioner in the most expedient time and manner possible and without unreasonable delay.
  • If a vendor is breached, they must report it to the data owner. The data owner will be responsible to complete the reporting and consumer notification, but the vendor is still required to cooperate.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
    • Arkansas Code § 4-110-101 Personal Information Protection Act
    • Arkansas Code § 4-110-104 Protection of personal information
    • Arkansas Code § 4-110-105 Disclosure of security breaches
    • Arkansas Code § 4-110-108 Penalties
    • Arkansas Code § 23-61-113 Disclosure of nonpublic personal information
    • Arkansas Code § 4-88-105 Consumer Protection Division
BAck to map