Skip to main content
Find a Lawyer

Arkansas Code Title 10. General Assembly § 10-4-429. Report of security incident--Definitions

Current as of March 28, 2024 | Updated by Findlaw Staff

(a) As used in this section:

(1) “Public entity” means an entity of the state, political subdivision of the state, or school; and

(2) “Security incident” means any compromise of the security, confidentiality, or integrity of an information system maintained by a public entity, a contractual provider of an information system that contracts with a public entity, or other computer-related services of a public entity, that is caused by any unauthorized:

(A) Access to an information system of a public entity;

(B) Destruction of an information system of a public entity or the data of an information system of a public entity; or

(C) Acquisition of data from an information system of a public entity.

(b)(1) A public entity that experiences a security incident shall disclose, in writing, an initial report of the known facts of the security incident to the Legislative Auditor within five (5) business days after learning of the security incident.

(2) A public entity shall provide regular updates of the security incident to the Legislative Auditor until the investigation of the security incident is closed.

(c) The Legislative Auditor shall:

(1) Maintain a list of all security incidents reported by a public entity; and

(2) Annually on or before December 15, report the information required by subdivision (c)(1) of this section to the Legislative Council, Legislative Joint Auditing Committee, and Joint Committee on Advanced Communications and Information Technology.

(d) If the Legislative Auditor believes the security incident significantly compromises citizens' data, creates a significant security concern, or involves significant theft, then the Legislative Auditor shall notify:

(1) The Governor;

(2) The President Pro Tempore of the Senate;

(3) The Speaker of the House of Representatives;

(4) The House and Senate cochairs of the Legislative Council;

(5) The cochairs and the co-vice chairs of the Legislative Joint Auditing Committee; and

(6) The cochairs of the Joint Committee on Advanced Communications and Information Technology.

(e) A report, update, notification, or list created or maintained under this section is exempt from disclosure under the Freedom of Information Act of 1967, § 25-19-101 et seq., as a security function under § 25-19-105(b)(11).

Previous Part of Code Next Part of Code
Back to Chapter List

Cite this article: FindLaw.com - Arkansas Code Title 10. General Assembly § 10-4-429. Report of security incident--Definitions - last updated March 28, 2024 | https://codes.findlaw.com/ar/title-10-general-assembly/ar-code-sect-10-4-429/

FindLaw Codes may not reflect the most recent version of the law in your jurisdiction. Please verify the status of the code you are researching with the state legislature before relying on it for your legal needs.

Was this helpful?

Welcome to FindLaw's Cases & Codes

A free source of state and federal court opinions, state laws, and the United States Code. For more information about the legal concepts addressed by these cases and statutes, visit FindLaw’s Learn About the Law.

Go to Learn About the Law

Latest Blog Posts

For Legal Professionals

Learn About The Law

Get help with your legal needs

FindLaw’s Learn About the Law features thousands of informational articles to help you understand your options. And if you’re ready to hire an attorney, find one in your area who can help.

Go to Learn About the Law

Need to Find an Attorney?

Search our directory by legal issue

Enter information in one or both fields (Required)

Copied to clipboard