How Can We Help?
Arizona Data Breach Law
Created On
byBill Haber
You are here:
< Back
Requirements and Fines
In Arizona, any business or leaser of unencrypted computer data must comply with state mandates if a breach of personal information occurs. Affected customers must be notified by phone or written or electronic means. An alternate method of notice may be substituted if the breach affects more than 1,000 residents. Businesses may face fines up to $10,000 per breach investigation.
| Name of Law / Statute | N/A |
| Definition of Protected Information | Combination of (1) name or other identifying info, PLUS (2) one or more of these “data” elements: SSN; driver’s license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes. |
| Who Is Subject to Law? | Any business or leaser of unencrypted computer data |
| Notification of Consumers? | Yes |
| By what means? | Written, electronic, or phone |
| Substitute Notice Threshold? | >1000 residents |
| Notification of authorities / regulators required? | No |
| By what means? | N/A |
| Regulatory Fines | $10,000 per breach/investigation |
| Credit monitoring requirement? | No |
| Private lawsuits allowed? | No |
| Private damages cap? | N/A |
| Regulatory actions allowed? | N/A |
| HIPAA Compliance exemption? | N/A |
| Other (e.g., timeframe) | Law does not apply if PI was encrypted |
| Link to complete law | http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/44/07501.htm&Title=44 |