Dear Consumer Ed:
If a store scans my driver’s license and its computer system is subsequently hacked, resulting in my information being compromised, does the store have to notify me of the breach?
Consumer Ed says:
Georgia Law O.C.G.A. § 10-1-912 requires businesses who collect, transmit or maintain unencrypted digital records of an individual’s personal information, such as a driver’s license or credit card, to notify that individual when it knows or reasonably believes that its system has been breached. Since the information collected is usually maintained by a third-party company, the breach notification might come from that entity rather than the store itself. The law also requires that the notice be provided “in the most expedient time possible and without unreasonable delay,” unless a law enforcement agency determines that such notification will compromise a criminal investigation.
Submit your own question to Consumer Ed. Remember…we do not give legal advice. Always consult a lawyer about legal issues.