LITTLE ROCK, Ark. – Arkansas Attorney General Leslie Rutledge today sent an advisory letter to medical licensees throughout Arkansas about their duty to report a data breach under the Personal Information Protection Act (PIPA). The PIPA reporting guidelines, amended in July 2019, mandate that individuals, agencies and businesses notify the Attorney General’s Office at the same time as affected individuals or within 45 days if they experience a data breach that impacts more than 1,000 people.
“Medical providers and other entities carry some of the most sensitive material on our personal lives, and cyber criminals are ruthless in gathering this information to sell or use for bad purposes on the dark web,” said Attorney General Rutledge. “It’s important to work with providers, hospitals and offices on these new laws to protect Arkansans’ information and good businesses in the State.”
Rutledge’s advisory highlights provisions of (PIPA) identifying the types of personal information that triggers the notice requirement if a breach occurs:
- Social security number
- Driver’s license number or Arkansas identification card number
- Account number, credit card number or debit card number in combination with any required security code, access code or password that would permit access to any individual’s financial account
- Medical information
An online form has been made available for individuals, businesses or State agencies to use to report a data breach to the Attorney General’s Office. The form can be accessed at ArkansasAG.gov.
If you are a consumer who has been impacted by a data breach, Rutledge encourages you to contact the Attorney General’s Consumer Protection Hotline at (800) 482-8982.