Compilation of Rules and Regulations of the State of Georgia
Department 80 - RULES OF DEPARTMENT OF BANKING AND FINANCE
Chapter 80-3 - MONEY TRANSMISSION
Subject 80-3-1 - DISCLOSURES, LOCATIONS, AUTHORIZED AGENTS, AND CUSTOMER INFORMATION
Rule 80-3-1-.04 - Notice of Unauthorized Access to Personal Information
Current through Rules and Regulations filed through December 18, 2024
(1) In the event that a licensee provides notice under applicable federal or state law of an information security incident involving unauthorized access to personal information, then the licensee shall simultaneously provide a duplicate of such disclosure to the Department. For purposes of this rule, personal information is any record containing nonpublic personal information about a customer or potential customer whether in paper, electronic, or other form maintained by or on behalf of the licensee.
(2) Pursuant to O.C.G.A. § 10-1-912, a business that satisfies the definition of an information broker is required to provide notice to Georgia residents in the event of a data breach that results in access or likely access to unencrypted personal information. In the event a licensee or an affiliate of a licensee is required to make such notification to Georgia residents, then a duplicate of the notification will simultaneously be submitted to the Department.
O.C.G.A. §§ 7-1-61, 7-1-690.