Data breach reporting
Pursuant to Ark. Code Ann. § 4-110-105, if you are a business, state agency or health care provider that has experienced a data breach, you may provide notice of a data breach to the Arkansas Attorney General using this reporting form. Notifications provided to the Attorney General are confidential and not subject to public disclosure but may be used by the Attorney General to investigate the data breach or any related incident or conduct. Read more about details on when notice to the Attorney General is required.
The Arkansas Personal Information Protection Act requires entities that collect personal information, such as businesses, state agencies, and health care providers, to use reasonable security procedures and practices to protect such information. Additionally, the law mandates that in the event such information is compromised, the entity must notify the affected individuals in a timely manner. Notification to individuals whose personal information has been compromised allows them to take steps to mitigate the potential misuse of their information.