Compilation of Rules and Regulations of the State of Georgia
Department 80 - RULES OF DEPARTMENT OF BANKING AND FINANCE
Chapter 80-3 - MONEY TRANSMISSION
Subject 80-3-1 - DISCLOSURES, LOCATIONS, AUTHORIZED AGENTS, AND CUSTOMER INFORMATION
Rule 80-3-1-.04 - Notice of Unauthorized Access to Personal Information

(1) In the event that a licensee provides notice under applicable federal or state law of an information security incident involving unauthorized access to personal information, then the licensee shall simultaneously provide a duplicate of such disclosure to the Department. For purposes of this rule, personal information is any record containing nonpublic personal information about a customer or potential customer whether in paper, electronic, or other form maintained by or on behalf of the licensee.

(2) Pursuant to O.C.G.A. § 10-1-912, a business that satisfies the definition of an information broker is required to provide notice to Georgia residents in the event of a data breach that results in access or likely access to unencrypted personal information. In the event a licensee or an affiliate of a licensee is required to make such notification to Georgia residents, then a duplicate of the notification will simultaneously be submitted to the Department.