Personal Data Confidentiality and State Agencies in Arizona

Ariz. Rev. Stat. Ann. § 41-4151, 41-4152 is a data privacy law that was enacted in the U.S. state of Arizona in 2015. The law mandates that state agencies within Arizona implement a privacy policy that can be used to regulate the collection and dissemination of personal information that occurs when residents within Arizona access state agency websites. While federal and state laws such as the Freedom of Information Act or FOIA for short provide Americans with the right to request access to certain information and public records, websites that track the actions and data of users contradict the very transparency that such legislation seeks to promote. To this point, Ariz. Rev. Stat. Ann. § 41-4151, 41-4152 ensures that residents within the state can access public records while still maintaining their privacy.

How is a state agency defined under the law?

Under Ariz. Rev. Stat. Ann. § 41-4151, 41-4152, a state agency is defined as “any board, commission, department, officer or other administrative unit of this state, including the agency head and one or more members of the agency head or agency employees or other persons directly or indirectly purporting to act on behalf or under the authority of the agency head, whether created under the Constitution of Arizona or by enactment of the legislature. Agency does not include the legislature, the courts or the governor. Agency does not include a political subdivision of this state or any of the administrative units of a political subdivision, but does include any board, commission, department, officer or other administrative unit created or appointed by joint or concerted action of an agency and one or more political subdivisions of this state or any of their units.”

What are the duties of state agencies under the law?

Ariz. Rev. Stat. Ann. § 41-4151, 41-4152 requires state agencies to create a privacy policy that can serve to regulate the online websites of said agencies. This privacy policy must include the following elements:

• The specific services that the website provides to residents within the state of Arizona.
• The data elements that the state agency intends to obtain from residents within Arizona via their website.
• How the data elements collected from residents will be used.
• The rights that citizens have as it pertains to refusing to provide their personal information, as well as any alternatives that may be available to them.
• The circumstances under which the state agency websites intend to disclose the personal information of residents within Arizona to other entities or individuals.
• A general description of the security measures that the website utilizes to protect personally identifiable information.

What categories of personal data are covered by the law?

Some of the categories of personally identifiable information regarding individuals that reside within the state of Arizona that are legally covered in the event of unauthorized disclosure include but are not limited to:

• Full names.
• Postal addresses.
• Email addresses.
• Driver’s licenses.
• Passport numbers.
• Financial information.
• Online log-in credentials.
• Social security numbers.
• Medical or healthcare information.
• Religious information.
• Demographic information.
• Biometric data.
• Telephone numbers.
• Individual taxpayer identification numbers.

Public privacy and redaction

As legislation such as Ariz. Rev. Stat. Ann. § 41-4151, 41-4152 requires state and governmental agencies to safeguard the personal data of the citizens they serve, protecting the information of thousands of residents can prove to be extremely difficult. To ease the burden, automatic redaction software can be used to maintain the integrity and confidentiality of personal information. Using such software programs, government agencies can make specific forms of personally identifiable information, such as financial account numbers, social security numbers, or online log-in credentials, inaccessible to cyber thieves and criminals who would use such information for illegal purposes. More importantly, however, these software programs provide even the least technologically advanced of people with the ability to protect a wide range of sensitive information.

As government websites within the U.S. will contain personal information in both the form of public records as well as the data that users provide to such sites when looking to access such records, government agencies must do everything possible to secure this information. To illustrate this point further, 2021 saw the highest record of security breaches in the history of the U.S. What’s more, as internet usage only continues to increase in the midst of the COVID-19 virus, 2022 will almost certainly see even more data breaches than the previous year. With all this being said, Ariz. Rev. Stat. Ann. § 41-4151, 41-4152 provides residents within the state with the legal precedence needed to protect their personal data.