Arkansas - Personal Information Protection Act
This download includes the Arkansas Personal Information Protection Act so there are no mapped questions. Use this download if you just want the provisions and you want to create your own question set.
The Arkansas Personal Information Protection Act requires organizations that collect Personal Information (PI) to use reasonable security safeguards to protect such information. The law also requires that in the event such information is compromised, the organization must notify the affected individuals in a timely manner. If the breach of Personal Information (PI) affects more than 1,000 people, the organization must also disclose the breach to the state attorney general.
The law defines “Personal Information” to include “An individual’s first name, or first initial and his or her last name, in combination with any one or more of the following data elements when either the name or the data element is not encrypted or redacted:
- Social Security number;
- Driver's license number or state identification card number;
- Account number, credit card number, or debit card number in combination with any required security code, access code, or password that would permit access to an individual’s financial account;
- Medical information, including any individually identifiable information, in electronic or physical form, regarding the individual’s medical history or medical treatment or diagnosis by a healthcare professional; or
- Biometric data, such as an individual’s voiceprint, handprint, fingerprint, DNA, retinal/iris scan, hand geometry, faceprint, or any other unique biological characteristic, if the character is used by the owner or licensee to uniquely authenticate the individual’s identity when the individual accesses a system or an account.
Getting StartedClick "Book a demo" and our team will provide you with an overview of our content library within the 6clicks GRC platform.
|Laws or related obligations