Arkansas breach notification law and the role of the states in data privacy

[Mat Caughron 0]

Fortunately, privacy is not just GDPR!  U.S. states are taking actions to clarify the boundaries for breach notifications and other data privacy topics.  California's CCPA seems to get the most attention regularly.  Other states, such as Arkansas, are insightfully writing and enacting laws in data privacy:

Any person or business that has computerized data including “personal information” must disclose system security breaches to any Arkansas resident whose unencrypted personal information may have been acquired by unauthorized persons.
https://data.law/arkansas/

The tech law firm Zwillgen has a nice blog post has a useful summary: https://blog.zwillgen.com/2019/05/22/new-reporting-requirements-under-arkansas-data-breach-law/

 

In my opinion, I think it is great that states are stepping forward to defend their citizens from the misbehaviours of globalist and companies who all too often prioritize profits over responsible data handling (Equifax anyone?).  But as with nearly all legislative efforts, there will be unintended downsides.  Your thoughts?