Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach notification laws:
- from $500 per resident up to $50,000

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • If breach notification is required to more than 1,000 residents, it must be reported, without unreasonable delay, to all consumer reporting agencies with specific information.
  • Breach of security regulations in Alaska cover unauthorized acquisition of personal information held in either electronic or paper form.
  • If a business investigates a suspected breach and reasonably determines that affected consumers are unlikely to suffer harm, consumer notification is not required. However, notification must be sent to the state Attorney General stating such determination, and the business must maintain internal documentation (written) for at least 5 years.
  • If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.
  • If a vendor is breached, they must notify the data owner. The data owner will be responsible to complete any required regulatory and consumer breach notifications.
  • A business or governmental agency must adopt written policies and procedures that relate to the adequate destruction and proper disposal of records containing personal information.
  • Businesses must have written contracts with any vendors engaged in the business of record disposal, and must conduct due diligence in hiring any disposal vendor.
  • An individual, a business, or a governmental agency that knowingly violates the disposal regulations may be fined up to $3,000.
  • An individual harmed by violations of the disposal regulations may bring a civil action to recover actual damages, costs and fees.
  • Businesses must protect an individual’s social security number and credit card number through truncation or face a state civil penalty of up to $3,000 in damages, as well as individual action for actual economic damages, costs and fees.
Statutes and Laws
  • AK Stat Chapter 45.48 Personal Information Protection Act

    Ak Stat §§ 45.48.010 – .090 Breach of Security Involving Personal Information

    AK Stat §§ 45.48.400 – .480 Protection of Social Security Number

    AK Stat §§ 45.48.500 – .590 Disposal of Records

    AK Stat § 45.48.750 Truncation of Card Information

BAck to map