AR HB1110

Requires public entities (state entities, political subdivisions, and schools) to report security incidents involving unauthorized access, destruction, or data acquisition to the Legislative Auditor within 5 business days of discovery

Mandates public entities provide regular updates to the auditor until the security incident investigation is closed

Requires the Legislative Auditor to maintain a list of all reported security incidents and submit an annual report by December 15 to the Legislative Council, Legislative Joint Auditing Committee, and Joint Committee on Advanced Communications and Information Technology

Directs the auditor to notify the Governor, President Pro Tempore of the Senate, Speaker of the House, and relevant legislative committees if a security incident significantly compromises citizens' data, creates significant security concerns, or involves significant theft

Exempts all reports, updates, notifications, and lists created under this section as security functions under Arkansas Code § 25-19-105(b)(11)