Mandated Timeframe for Breach Reporting and/or Consumer Notification
Without unreasonable delay
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Program for Protection/Security
Third Party: Specific Obligations
Third Party: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of breach and notification laws:
- Not applicable
Third Party Management
None to minimal
Vendors must report to the data owner within 24 hours following discovery of a breach. The data owner is responsible for completing the reporting and consumer notification.
When consumer notification is made to more than 10,000 residents of this state at one time, the breach must also be reported, without unreasonable delay, to all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis.
There are additional laws for data protection and data disposal to prevent a breach of personal information.
Violations of the data disposal law may be up to $500 for each customer’s record containing personal information that is wrongfully disposed of or discarded, with a total fine of up to $10,000.
Violations of data protection laws may be up to $250 for the first violation and up to $1,000 for a second or subsequent violation.
There are separate laws covering data for education and health.
If a breach affects residents of other states, those residents need to be notified in accordance with the laws of their state.
Statutes and Laws
O.C.G.A. §§ 10-1-910 – 10-1-912 Notification required upon breach of security regarding personal information
O.C.G.A. § 10-1-393.8 Protection from disclosure of an individual’s social security number
O.C.G.A. §§ 10-15-1 – 10-15-7 Disposal of business records containing personal information; Handling of receipts for credit card transactions; Prohibited activities involving magnetic strip or stripe on payment card
O.C.G.A. §§ 20-2-660 – 20-2-668 Student Data Privacy, Accessibility, and Transparency Act
O.C.G.A. §§ 31-33-1 – 31-33-8 Health Records
O.C.G.A. § 33-24-57.1 Health insurance identification card; issue required; contents; updating; social security numbers not to be displayed
O.C.G.A. § 46-5-214 Action in event of telephone record security breach