Arizona amends data breach notification requirements

Privacy/Cyber Risk & Data Security State Legislation State Issues Arizona Data Breach

On March 29, the Arizona governor signed HB 2146, amending the Arizona Revised Statutes’ security breach notification requirements. Specifically, if a person conducting business in the state that “owns, maintains or licenses unencrypted and unredacted computerized personal information becomes aware of a security incident” involving more than 1,000 individuals, the person is required to notify the three largest national consumer reporting agencies, the state attorney general, and the director of the Arizona Department of Homeland Security within 45 days. The bill also makes various technical corrections and will take effect 90 days after legislature adjourns.