Update Applicable to:
All employers who keep a record of consumer personal information
On April 29, 2022, Governor Ducey signed House Bill 2146 (HB 2146) into law, which would require employers to report data breaches of personal information.
What are the details?
Effective July 23, 2022, employers who maintain records of personal information must report data security breaches to the Director of the Arizona Department of Homeland Security in addition to the Attorney General.
A “covered entity” for these purposes includes a person that conducts business in the state and that owns or licenses unencrypted and unredacted computerized personal information. Entities subject to Gramm-Leach-Bliley Act (GLBA) are exempt from Arizona’s data security breach notification laws.
For more information, please see the links below:
What do employers need to do?
Employers should review the links provided above and implement a policy that would require the business to report data breaches to the Arizona Department of Homeland Security.