Two new bills, HB 2311 and 2154, are going into effect on August 3, 2018.  These bills increase an employer’s public notice responsibilities in the event of a data breach, and also increases limited liability protections for employers who hire employees or independent contractors who were previously convicted of criminal offenses.

HB 2154: Data Security Breaches

This law seeks to improve consumer data security in two ways.  First, the law expands the definition of protected personal information.  In addition to information such as Social Security numbers, bank account or credit/debit card numbers, medical information, or biometric data, the definition of “personal information” will also include e-mail addresses and passwords or security questions/answers that, when combined, grant access to online accounts.

Second, the new law increases an employer’s notice requirements. Once an employer is made aware of a “security incident,” the employer is required to conduct an investigation to determine if a security breach has occurred. If so, all affected individuals must be notified within 45 days of the discovery.  The notice must be made by e-mail, live telephone call, or a substitute notice that includes the following information:

• Approximate breach date;
• Information exposed by the breach;
• Toll-free numbers of the three largest nationwide consumer reporting agencies; and
• Numbers/addresses for the Federal Trade Commission and agencies that assist consumers with identity theft.

If the breach affects over 1,000 individuals, the employer is also required to notify the three largest nationwide consumer reporting agencies and the Arizona state attorney general.

HB 2311: Hiring Ex-Criminal Offenders

HB 2311 aims to improve fair-chance hiring and job opportunities for non-violent offenders, while providing employers limited protections from lawsuits associated with negligent hiring claims. In the event of a negligent hiring claim, the new law bars evidence of an employee’s or independent contractor’s “criminal offenses” prior to the date of hire with the employer.  “Criminal offense” is defined as “any criminal offense except violent offenses and sexual offenses.”

Employers will still need to exercise caution and carefully consider both the candidate and the role the candidate is being hired for.  Lawsuits alleging negligent supervision, or lawsuits where the employee’s prior conviction is directly related to the nature of their work and the conduct that led to the legal action, are not precluded. For example, in a claim related to the misuse of money by an employee/contractor hired to do accounting work where the employee/contractor had previous convictions associated with fraud prior to being hired, the employer may not be precluded from liability.