Arizona amends data privacy statute to include notice to Department of Homeland Security

Blog Post

This article is part of a series providing insight and updates on the latest state data privacy legislation. 


On March 29, 2022, Arizona Gov. Doug Ducey, signed into law HB 2164, a first of its kind reporting requirement to the Arizona Department of Homeland Security. Specifically, HB 2164 requires entities notifying more than 1,000 individuals of a breach to submit notice to the director of the Arizona Department of Homeland Security.

Reporting a breach to Homeland Security expands Arizona’s breach notification law as follows:

Within 45 days after the determination of a security breach, an entity notifying more than one thousand individuals, shall notify: (a) The three largest nationwide consumer reporting agencies, (b) the Attorney General and the director of the Arizona Department of Homeland Security, in writing.

The Arizona House of Representatives first introduced HB 2164 earlier this year on January 18, 2022. The revised law will go into effect 91 days after the legislation session adjourns, which is currently scheduled for April 23, 2022. The effective date is therefore on or around July 23, 2022.

Reporting a data breach to the FBI or Homeland Security is a measure that has been strongly encouraged by the Federal Government, however this amendment makes Arizona the first state to take this recommendation to the next level and require entities to provide written notice to Homeland Security.

Jump to Page

McDonald Hopkins uses cookies on our website to enhance user experience and analyze website traffic. Third parties may also use cookies in connection with our website for social media, advertising and analytics and other purposes. By continuing to browse our website, you agree to our use of cookies as detailed in our updated Privacy Policy and our Terms of Use.