800.668.7020
M-F 8:00AM TO 5:30PM CST
Better coverage. Better price.

Arizona’s Data Breach Laws: Requirements and Fines

In Arizona, any business or leaser of unencrypted computer data must comply with state mandates if a breach of personal information occurs. Affected customers must be notified by phone or written or electronic means. An alternate method of notice may be substituted if the breach affects more than 1,000 residents. Businesses may face fines up to $10,000 per breach investigation.

Name of Law / Statute

N/A

Definition of Protected Information

Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or access codes.

Who Is Subject to Law?

Any business or leaser of unencrypted computer data

Notification of Consumers?

Yes

By what means?

Written, electronic, or phone

Substitute Notice Threshold?

>1000 residents

Notification of authorities / regulators required?

No

By what means?

N/A

Regulatory Fines

$10,000 per breach/investigation

Credit monitoring requirement?

No

Private lawsuits allowed?

No

Private damages cap?

N/A

Regulatory actions allowed?

N/A

HIPAA Compliance exemption?

N/A

Other  (e.g., timeframe)

Law does not apply if PI was encrypted

Link to complete law

http://www.azleg.state.az.us/FormatDocument.asp?inDoc=/ars/44/07501.htm&Title=44

For more information, read the complete text of Arizona’s data breach law.

70% of businesses raise prices or cut hiring when sued