Georgia Data Disposal Law (Ga. Code § 10-15-2)

Georgia Data Disposal Law

Ga. Code § 10-15-2

 

CITATION:

GEORGIA CODE (Last Updated: August 20, 2013)

Title 10. COMMERCE AND TRADE 

Chapter 15. BUSINESS ADMINISTRATION

§ 10-15-1. Definitions

§ 10-15-2. Disposal of business records containing personal information

 

Section 10-15-1. Definitions  

As used in this chapter, the term:

(1) "Administrator" means the administrator of the "Fair Business Practices Act of 1975" appointed pursuant to subsection (a) of Code Section 10-1-395, or the administrator's designee.

(2) "Business" means a sole proprietorship, partnership, corporation, association, or other group, however organized and whether or not organized to operate at a profit. The term includes a financial institution organized, chartered, or holding a license or authorization certificate under the laws of this state, any other state, the United States, or any other country, or the parent or the subsidiary of any such financial institution. The term also includes an entity that destroys records. However, for purposes of this chapter, the term shall not include any bank or financial institution that is subject to the privacy and security provisions of the Gramm-Leach-Bliley Act, 15 U.S.C. 6801, et seq., as amended, and as it existed on January 31, 2002, nor shall it include any hospital or health care institution licensed under Title 31 which is subject to the privacy and security provisions of the federal Health Insurance Portability and Accountability Act of 1996, P.L. 104-191, nor any other entity which is governed by federal law, provided that the federal law governing the business requires the business to discard a record containing personal information in the same manner as Code Section 10-15-2.

(3) "Cardholder" means any person or organization named on the face of a payment card to whom or for whose benefit the payment card is issued.

(4) "Customer" means an individual who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service from the business.

(5) "Discard" means to throw away, get rid of, or eliminate.

(6) "Dispose" means the sale or transfer of a record for value to a company or business engaged in the business of record destruction.

(7) "Merchant" means any person or governmental entity which receives from a cardholder a payment card or information from a payment card as the instrument for obtaining, purchasing, or receiving goods, services, money, or anything else of value from a person or governmental entity.

(8) "Payment card" means a credit card, charge card, debit card, or any other card that is issued to a cardholder and that allows the cardholder to obtain, purchase, or receive goods, services, money, or anything else of value from a merchant.

(9) "Personal information" means:

(A) Personally identifiable data about a customer's medical condition, if the data are not generally considered to be public knowledge;

(B) Personally identifiable data which contain a customer's account or identification number, account balance, balance owing, credit balance, or credit limit, if the data relate to a customer's account or transaction with a business;

(C) Personally identifiable data provided by a customer to a business upon opening an account or applying for a loan or credit; or

(D) Personally identifiable data about a customer's federal, state, or local income tax return.

(10)(A) "Personally identifiable" means capable of being associated with a particular customer through one or more identifiers, including, but not limited to, a customer's fingerprint, photograph, or computerized image, social security number, passport number, driver identification number, personal identification card number, date of birth, medical information, or disability information.

(B) A customer's name, address, and telephone number shall not be considered personally identifiable data unless one or more of them are used in conjunction with one or more of the identifiers listed in subparagraph (A) of this paragraph.

(11) "Record" means any material on which written, drawn, printed, spoken, visual, or electromagnetic information is recorded or preserved, regardless of physical form or characteristics.

(12) "Reencoder" means an electronic device that places encoded information from the magnetic strip or stripe of a payment card onto the magnetic strip or stripe of a different payment card.

(13) "Scanning device" means a scanner, reader, or any other electronic device that is used to access, read, scan, obtain, memorize, or store, temporarily or permanently, information encoded on the magnetic strip or stripe of a payment card.

Code 1981, § 10-15-1, enacted by Ga. L. 2002, p. 551, § 8; Ga. L. 2003, p. 339, § 1.

 

Section 10-15-2. Disposal of business records containing personal information   Latest version.

A business may not discard a record containing personal information unless it:

(1) Shreds the customer's record before discarding the record;

(2) Erases the personal information contained in the customer's record before discarding the record;

(3) Modifies the customer's record to make the personal information unreadable before discarding the record; or

(4) Takes actions that it reasonably believes will ensure that no unauthorized person will have access to the personal information contained in the customer's record for the period between the record's disposal and the record's destruction.

Code 1981, § 10-15-2, enacted by Ga. L. 2002, p. 551, § 8.

 

For more information, see here:  http://ga.elaws.us/law/10-15

AND

https://consumer.georgia.gov/business-services/disposal-customers-business-records

 

These materials were obtained directly from the State Legislative websites and are posted here for your review and reference only.  No Claim to Original State Government Works.  This may not be the most recent version.  The State may have more current information.  We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to.  Please check the linked sources directly.

These materials were obtained directly from the U.S. Federal Government public websites, U.S. State Government public websites, or the International Government public websites and are posted here for your review and reference only. No Claim to Original U.S. Government Works, Original U.S. State Government Works, or Original International Government Works. This information may not be the most recent version. The U.S. Government, U.S. States, or International Governments may have more current information. We make no guarantees or warranties about the accuracy or completeness of this information, or the information linked to. Please check the linked sources directly.