10-1-911

Code Resources

Georgia Resources
Georgia Website
Georgia Governor
Georgia Legislature
Georgia Courts

Search this Code
in Google Scholar

on the Web
Google Web Search
MSN Web Search
Yahoo! Web Search

in the News
Google News Search
Google News Archive Search
Yahoo! News Search

in the Blogs
BlawgSearch.com Search
Google Blog Search
Technorati Blog Search

in other Databases
Google Book Search

10-1-911.
As used in this article, the term:
(1) 'Breach of the security of the system' means unauthorized acquisition of an individuaĺs computerized data that compromises the security, confidentiality, or integrity of personal information of such individual maintained by an information broker. Good faith acquisition of personal information by an employee or agent of an information broker for the purposes of such information broker is not a breach of the security of the system, provided that the personal information is not used or subject to further unauthorized disclosure.
(2) 'Information broker' means any person or entity who, for monetary fees or dues, engages in whole or in part in the business of collecting, assembling, evaluating, compiling, reporting, transmitting, transferring, or communicating information concerning individuals for the primary purpose of furnishing personal information to nonaffiliated third parties, but does not include any governmental agency whose records are maintained primarily for traffic safety, law enforcement, or licensing purposes.
(3) 'Notice' means:
(A) Written notice;
(B) Electronic notice, if the notice provided is consistent with the provisions regarding electronic records and signatures set forth in Section 7001 of Title 15 of the United States Code; or
(C) Substitute notice, if the information broker demonstrates that the cost of providing notice would exceed $250,000.00, that the affected class of individuals to be notified exceeds 500,000, or that the information broker does not have sufficient contact information to provide written or electronic notice to such individuals. Substitute notice shall consist of all of the following:
(i) E-mail notice, if the information broker has an e-mail address for the individuals to be notified;
(ii) Conspicuous posting of the notice on the information brokeŕs website page, if the information broker maintains one; and
(iii) Notification to major state-wide media.
Notwithstanding any provision of this paragraph to the contrary, an information broker that maintains its own notification procedures as part of an information security policy for the treatment of personal information and is otherwise consistent with the timing requirements of this article shall be deemed to be in compliance with the notification requirements of this article if it notifies the individuals who are the subjects of the notice in accordance with its policies in the event of a breach of the security of the system.
(4) 'Person' means any individual, partnership, corporation, limited liability company, trust, estate, cooperative, association, or other entity. The term 'person' as used in this article shall not be construed to require duplicative reporting by any individual, corporation, trust, estate, cooperative, association, or other entity involved in the same transaction.
(5) 'Personal information' means an individuaĺs first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted:
(A) Social security number;
(B) Driveŕs license number or state identification card number;
(C) Account number, credit card number, or debit card number, if circumstances exist wherein such a number could be used without additional identifying information, access codes, or passwords;
(D) Account passwords or personal identification numbers or other access codes; or
(E) Any of the items contained in subparagraphs (A) through (D) of this paragraph when not in connection with the individuaĺs first name or first initial and last name, if the information compromised would be sufficient to perform or attempt to perform identity theft against the person whose information was compromised.
The term 'personal information' does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records.