As we wrote when the law passed, Arizona has expanded its data breach notification law. The law's effective date was July 20, and now includes several new elements. Included is a requirement to notify the state attorney general if more than 1,000 individuals have been impacted, and gives an expanded ability to notify by email. Timing of notification has changed from "most expedient" to within 45 days. The Arizona law also now has content requirements for notifications, and do not need to notify if an independent forensic firm or law enforcement determine that there has been no risk of "substantial economic loss."
Putting it Into Practice: Companies should keep in mind these new elements of Arizona's law for their nationwide breach notice plans.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.