Law: Personal Information Protection Act ('the Act') under Ark. Code Ann. § 4-110-101 et seq.

Regulator: The Arkansas Attorney General ('AG')

Summary: The Personal Information Protection Act (the Act) under Ark. Code Ann. § 4-110-101 et seq came into effect on April 4, 2005. The Act is the primary piece of privacy legislation in Arkansas. The Act requires individuals, businesses, and State agencies that acquire, own, or license personal information belonging to citizens of the State to implement reasonable security measures to safeguard personal information in order to prevent unauthorized access, as well as implement corresponding measures for data disposal. The Act also requires notification of data breaches to the Arkansas Attorney General (AG) and to subscribers, depending on the number of individuals potentially affected by the breach. The AG holds the power to sanction violations of the law and issue penalties.

Additional privacy legislation includes the Arkansas Consumer Telephone Privacy Act under Ark. Code Ann. §§104(a) and (b) of Chapter 60 of Title 6 of the Ark. Code Ann. 4-99-401 et seq of the Ark. Code Ann., which sets out telemarketing requirements and establishes a State-wide Do-Not-Call database. Although the Constitution of Arkansas does not expressly provide for the right to privacy, the Supreme Court of Arkansas has found that such right is implicit in the Constitution.

Arkansas protects minors under the Protection of Minors from the Distribution of Harmful Material Act which requires age verification methods before allowing access to a website containing a substantial portion of material that is harmful to minors.

You can follow legislative developments in the US through the USA State Law Tracker.