Arizona does not yet have a comprehensive data privacy law. To stay updated on the progress of privacy-related bills across the US, visit our US State Privacy Laws Tracker.
Data privacy is a critical concern worldwide. Businesses are experiencing a rapid boom in data generation, which calls for stricter data privacy and protection laws to handle data safely and provide users with increased data privacy rights. However, certain states in the US have yet to enact a comprehensive privacy law or introduce a bill. Notably, Arizona is one such state with no comprehensive regulation.
Read on as we discuss the status of data privacy legislation in Arizona and the best practices businesses must consider to ensure compliance and build customer trust.
The Current Status in Arizona
Although Arizona has no comprehensive data protection law yet, many other federal or sectoral regulations apply to businesses operating in the state.
Federal Laws and Regulations
Businesses must be aware of the crucial data privacy provisions in the applicable laws. These laws dictate how a covered business may collect, process, share, transfer, and sell personal data in the state or across borders.
For instance, the Health Insurance Portability and Accountability Act (HIPAA) does not apply to all categories of personally identifiable information (PII). It applies to data that falls under the category of Protected Health Information (PHI), such as medical records, medical diagnoses, social security numbers, etc. Hence, the regulation applies to healthcare clearinghouses and healthcare providers, to name a few.
Another common example of a federal regulation is the Gramm-Leach-Bliley Act (GLBA). The law applies only to businesses or entities operating in the financial industry, such as companies that provide loans or financial services.
The Fair Credit Reporting Act (FCRA) is another important federal regulation influencing the financial industry, specifically consumer credit reporting agencies. The law governs personal data related to consumers' credit scores and histories, requiring businesses to ensure the secure and accurate handling of consumer data.
The Arizona Genetic Information Privacy Act (House Bill 2069) was enacted on September 29, 2021. As the name suggests, the Act applies to direct-to-consumer genetic testing companies that collect and process individuals’ DNA, chromosomes, etc.
Business Best Practices
Entities operating in the state of Arizona should consider the following best practices for compliance. For instance, businesses should:
- Conduct compliance assessments to determine their compliance with certain state, tribal, local, or federal data protection and privacy laws.
- Implement robust data security measures that ensure the confidentiality, availability, and accessibility of data and protect it against unauthorized access and other cybersecurity threats.
- Automatically map data across systems and resources to understand the lineage of data across its lifecycle.
- Create and maintain privacy notices to enable data collection and processing transparency.
Conclusion
The state of Arizona currently does not have a comprehensive data protection regulation. However, businesses must stay prepared ahead of time to foster customer trust.