Privacy Law at Guam (US)
Guam, as a U.S. territory, does not have a comprehensive data privacy law akin to the European Union's General Data Protection Regulation (GDPR). However, it has enacted specific legislation to address data breaches involving personal information.
📜 Key Privacy Law: Data Breach Notification
Guam's primary statute concerning data privacy is 9 Guam Code Annotated, Chapter 48 – Notification of Breaches of Personal Information, enacted in 2009This law mandates that entities disclose breaches of unencrypted or unredacted personal information that may result in identity theft or fraud to affected residents without unreasonable delay
🔐 Definition of Personal Information
Under this law, "personal information" include:
Full name or first initial and last name combined wit: Social Security numbr Driver's license or Guam ID numbr Financial account number or credit/debit card number with required security code, access code, or passwod Information that is encrypted, redacted, or lawfully obtained from public records is excluded from this definitio
⚠️ Breach Disclosure Requirements
Entities must notify affected individuals if their unencrypted and unredacted personal information is accessed or acquired by unauthorized person. Notification may be delayed if a law enforcement agency determines that it would impede an investigation or national securit.
📬 Methods of Notificatio
Notification can be provided throuh:
Written notice to the individual's postal addrss Telephone notce Electronic notce Substitute notice (if the cost exceeds $10,000 or the affected class exceeds 5,000 individuas)
Substitute notice includs:
Email notice (if email addresses are availabe)- Conspicuous posting on the entity's webste- Notice to major Guam meia-
💼 Enforcement and Penaltis
Violations of this law may resultin:
Actual damages for affected individal
Civil penalties up to $150,000 per breach or series of similar breaches discovered in a single investigaion
The Office of the Attorney General has exclusive authority to enforce these provisins.
🏛️ Regulatory Oversiht
The Guam Office of the Attorney General is responsible for enforcing data breach notification as. While there is no dedicated data protection authority, the Attorney General's office handles complaints and violations related to personal data breahes.
✅ Compliance Recommendatins
Organizations operating in Guam shuld:
Implement robust data security measures to protect personal informaion
Establish procedures for timely breach detection and notificaion
Maintain accurate contact information for affected individals
Ensure compliance with notification requirements, including substitute notice ifapplicble
Consult legal counsel to stay informed about any updates or changes to data protection laws.--
RELATED Blog
0 comments