Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Arizona
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Within 45 days

FINES & PENALTIES – Violations
$10,000 to $500,000 per individual

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Arizona Privacy Law Information

PRIVACY PROGRAM

Organizations may contract with Vendors to handle consumer notifications and/or regulatory reporting.

BREACH REPORTING

1,000 or more Arizona residents affected by a data breach must be reported to the AZ Attorney General, Director of the AZ Department of Homeland Security, and all credit reporting agencies within 45 days.

CONSUMER NOTIFICATION

All Arizona residents affected by a breach must be notified within 45 days after the determination of the breach. If your breach affects residents in other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

A vendor discovering a breach or suspected breach must notify the organization. The organization is responsible for reporting to the regulator and consumer notification. Vendors must cooperate with Organizations and provide all necessary information about a breach incident.

SPECIFIC LAWS - EDUCATION

Educational facilities must implement and maintain a data governance plan and are required to provide employee training on student privacy laws. There are sector-specific vendor contract requirements for educational entities. Educational facilities must provide notification to parents in the event of a breach.

SPECIFIC LAWS - GENETIC TESTING

Arizona’s Genetic Information Privacy law governs the collection, use, disclosure and consent of resident’s genetic data, and mandates that companies implement a comprehensive security program. In addition, genetic testing companies (GTC) are required to publish a privacy notice detailing the collection, consent, use, access, disclosure, transfer, security and retention/deletion practices of their data. GTCs must provide a process for the access or deletion/destruction of genetic data or biological samples. GTC may not disclose a direct resident consumer’s genetic data to an employer, nor any entity that offers health, life or long-term care insurance, without their express written consent.

FINES & PENALTIES
An entity knowingly discarding or disposing of records/documents without redacting personal identifying information (some exceptions apply) is in violation and subject to a civil penalty: $500 for first violation, $1,000 for a second violation, $5,000 for a third or subsequent violation. Retailers knowingly or intentionally violating the restrictions for the use, retention and disclosure of consumers’ driver’s license or identification card are subject to a civil penalty: $500 for first violation, $1,000 for a second violation, $5,000 for a third or subsequent violation. Knowingly or intentionally violating regulations for the restricted disclosure of Social Security numbers can result in a civil penalty of $100 per violation.

Arizona Statutes and Laws

ARIZ. REV. STAT., §§ 15-1041 – 1046

Student accountability information system

ARIZ. REV. STAT., §§ 18-551 & 18-552

Data Security Breaches

ARIZ. REV. STAT., §§ 36-3801 – 3809

Provisions of Health Information Organizations

ARIZ. REV. STAT., §§ 44-1373 -1373.03

Restricted use of personal identifying information

ARIZ. REV. STAT., § 44-7012

Electronic records retention

ARIZ. REV. STAT., § 44-7601

Discarding and disposing of personal identifying information records

ARIZ. REV. STAT., § 44-7701

Retention of customer information; transmission to third parties prohibited

ARIZ REV STAT §§ 44-7921 – 44-7924

Genetic Testing Companies

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.