Georgia
Privacy Laws
Overview
BREACH NOTIFICATION – Mandated Timeframe
Without unreasonable delay
FINES & PENALTIES – Violations
Not applicable
Regulation Levels
-
Breach Reporting
-
Consumer Notification
-
Vendor Management
-
Vendor Contract Required
PRIVACY AND SECURITY LAWS
Laws related to personal information and privacy and security.
Breach Reporting
Required
Vendor Obligations
Required
Consumer Notification
Required
Vendor Contracts
Not Required
Vendor Notification
Required
Privacy Program
Required
QUICK FACTS
Georgia Privacy Law Information
Breach reporting to all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis is required when consumer notification was made to more than 10,000 residents of this state at one time, without unreasonable delay. If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
Vendors must notify Organizations within 24 hours after the discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notification. Organizations and Vendors in the business of destroying records must have measures in place for the secure destruction of records containing personal information so the records are unreadable or undecipherable.
There are separate laws covering data for education and health.
Organizations may be fined or penalized for Vendor violations. Businesses in violation of data protection laws may incur fines up to $250 for the first violation and up to $1,000 for a second or subsequent violation. Businesses in violation of data disposal law may incur fines up to $500 for each customer’s record that contains personal information that is wrongfully disposed of or discarded; with a total fine up to $10,000.
Georgia Statutes and Laws
Protection from disclosure of an individual’s social security number
Notification required upon breach of security regarding personal information
Disposal of business records containing personal information; handling of receipts …
Student data privacy, accessibility, and transparency act
Health records
Health insurance identification card; issue required; contents; updating; social security …
Action in event of telephone record security breach; notification to …
DISCLAIMER
The information provided is not legal guidance or recommendations and are for informational purposes only.