Know the Law

Data Breach Notification

De-Escalate: Be familiar with the law

Experienced bicyclists will tell you that when you ride on two wheels you will eventually fall. We are learning when a company stores our personal data it will eventually be breached. Keeping data secure is the highest priority for businesses and law firms. Knowing what to do if security fails is a must. Notification is required by law when data is unencrypted and it can serve to de-escalate client concerns by providing realistic information. Attorneys should consider advising clients about data breach policies at the beginning of the representation. Arizona and 46 other states have statutes requiring notification when data containing personal information is accessed or acquired without authorization. Does your firm or company have a plan in place to comply with the statute?

A.R.S. Sec. 44-7501.D.

Notification/disclosure of a data breach must be provided as follows:

  • Written notice
  • Electronic notice if the person's primary method of communication with the individual is by electronic means or is consistent with the provisions regarding electronic records and signatures set forth in the electronic signatures in global and national commerce act (P.L. 106-229; 114 Stat. 464; 15 United States Code section 7001).
  • Telephonic notice
  • Substitute notice if the person demonstrates that the cost of providing notice pursuant to paragraph 1, 2 or 3 of this subsection would exceed fifty thousand dollars or that the affected class of subject individuals to be notified exceeds one hundred thousand persons, or the person does not have sufficient contact information.

Are you prepared to notify clients and other persons if you experience a data breach?

Data breach notification planning allows a firm to consider the who, where, why, when and how data is kept. A notification plan, one part of a Data Breach Response Plan, allows you and your staff to take action immediately.

Resources

  • Get our free download (includes the statute) on data breach notification by clicking here.
  • You can read the full text of the statute at this link.
  • Contact us for more information or to get started on your plan.