Rule 80-11-1-.07 - Notice of Unauthorized Access to Personal Information(1) In the event that a licensee provides notice under applicable federal or state law of an information security incident involving unauthorized access to personal information, then the licensee shall simultaneously provide a duplicate of such disclosure to the Department. For purposes of this rule, personal information is any record containing nonpublic personal information about a customer or potential customer whether in paper, electronic, or other form maintained by or on behalf of the licensee.(2) Pursuant to O.C.G.A. § 10-1-912, a business that satisfies the definition of an information broker is required to provide notice to Georgia residents in the event of a data breach that results in access or likely access to unencrypted personal information. In the event a licensee or an affiliate of a licensee is required to make such notification to Georgia residents, then a duplicate of the notification will simultaneously be submitted to the Department.Ga. Comp. R. & Regs. R. 80-11-1-.07
O.C.G.A. §§ 7-1-61, 7-1-1012.
Original Rule entitled "Notice of Unauthorized Access to Personal Information" adopted. F. July 7, 2022; eff. July 27, 2022.