Georgia Personal Data Security Act

Georgia SB 230 of 2005 requires that in the vent of a breach of the security of the system, which system is maintained by a third-party agent for a covered entity, the third-party agent shall notify the covered entity of such breach as expeditiously as practicable but no later than 72 hours after the determination of such breach or reason to believe such breach has occurred. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. Additional rules detect passwords. The rules for this policy are:

• Georgia Personal Data Security Act: SSN with CCN
• Georgia Personal Data Security Act: CCN with GA Driver License
• Georgia Personal Data Security Act: Password Dissemination for HTTP Traffic (Wide)
• Georgia Personal Data Security Act: Password Dissemination for HTTP Traffic (Default)
• Georgia Personal Data Security Act: Password Dissemination for HTTP Traffic (Narrow)
• Georgia Personal Data Security Act: Password Dissemination for non-HTTP/S Traffic (Wide)
• Georgia Personal Data Security Act: Password Dissemination for non-HTTP/S Traffic (Default)
• Georgia Personal Data Security Act: Password Dissemination for non-HTTP/S Traffic (Narrow)