Arizona and its Attorney General’s office have emerged as key players in the effort to prioritize data security on the national stage. Since his inauguration in 2015, Arizona Attorney General Mark Brnovich has struck a balance between supporting innovation and protecting Arizonans’ privacy rights. With the support of Governor Doug Ducey, Arizona is taking active steps to broaden the scope of state privacy protection initiatives.

As the current Chair of the Conference of Western Attorneys General (CWAG), AG Brnovich will host CWAG’s 2018 Chair Initiative in Scottsdale, Arizona on May 3 and 4, focusing specifically on data privacy, cybersecurity, and digital piracy. The meeting will bring together AGs from around the country as well as thought leaders and key stakeholders in the private sector to tackle new horizons on issues such as breach notification, the European Union’s data protection regulations, national security, and FinTech. To read more about AG Brnovich’s 2018 Chair Initiative, and his take on how attorneys generals are tackling privacy and data security issues, check out Reed Smith Partner Divonne Smoyer and Associate Kimberly Chow’s recent Q&A with AG Brnovich on the website of the International Association of Privacy Professionals.

AG Brnovich has demonstrated his commitment to innovative programs as a vocal supporter of Arizona’s Regulatory Sandbox Program, signed into law by Governor Doug Ducey on March 22, 2018. As a consumer protection measure, the regulatory sandbox will be administered by AG Brnovich’s office. The program is designed to give businesses the opportunity to test financial products and services in the Arizona market, and tailor those products and services based on test results before expending resources on licensing. This is a win for consumers, who can utilize new financial technologies and rest assured that their information is safe, and for businesses, as they can develop their deliverables using the test results. Though regulatory sandboxes are not novel abroad, the passage of the Bill makes Arizona the first state in the country to implement a FinTech sandbox.

Governor Ducey continued to prioritize data privacy in partnership with the AG’s office this spring, supplementing Arizona’s already comprehensive data breach law by signing Arizona House Bill 2154 into law on April 11, 2018. The Bill, authored by AG Brnovich’s office, expands the list of specific elements that, in combination with an Arizonian’s first name, first initial, or last name, would be classified as personal information. The expanded list includes biometric data, passport numbers, health insurance identification numbers, taxpayer identification numbers, information about an individual’s medical or mental health treatment or diagnosis, and unique private keys used to authenticate or sign electronic records. The amended law will also create a category of personal information consisting of usernames or email addresses combined with a password or a security question and answer. Companies should take care to review the amendment’s increased notice requirements and penalties.

Much more is expected to come out of the CWAG meeting, and we will stay tuned as Arizona continues to be a policy leader in the area of privacy and data security.