Ga. Comp. R. & Regs. R. 80-4-1-.08 - Notice of Unauthorized Access to Personal Information

(1) In the event that a licensee provides notice under applicable federal or state law of an information security incident involving unauthorized access to personal information, then the licensee shall simultaneously provide a duplicate of such disclosure to the Department. For purposes of this rule, personal information is any record containing nonpublic personal information about a customer or potential customer whether in paper, electronic, or other form maintained by or on behalf of the licensee.

(2) Pursuant to O.C.G.A. § 10-1-912, a business that satisfies the definition of an information broker is required to provide notice to Georgia residents in the event of a data breach that results in access or likely access to unencrypted personal information. In the event a licensee or an affiliate of a licensee is required to make such notification to Georgia residents, then a duplicate of the notification will simultaneously be submitted to the Department.

Notes

Ga. Comp. R. & Regs. R. 80-4-1-.08

O.C.G.A. §§ 7-1-61, 7-1-706.1.

Original Rule entitled "Membership in a Federal Home Loan Bank" was filed on July 5, 1973; effective July 25, 1973. Amended: Rule repealed and a new Rule of the same title adopted. Filed June 18, 1979; effective July 8, 1979. Repealed: F. June 20, 2016; eff. July 10, 2016. Adopted: New Rule entitled "Notice of Unauthorized Access to Personal Information." F. July 7, 2022; eff. July 27, 2022.