AZ HB2469

Renames Arizona Revised Statutes title 44, chapter 32 from "Notification for Compromised Personal Information" to "Personal Information" and adds comprehensive definitions of breach, encryption, personal information, and related terms in new section 44-7501.

Requires persons conducting business in Arizona who own or license unencrypted computerized data containing personal information to notify affected individuals without unreasonable delay if a security breach occurs, with notification methods including written notice, electronic notice, telephone, or substitute notice under certain conditions.

Establishes that the Attorney General has sole enforcement authority and may pursue actual damages and civil penalties up to $10,000 per breach for willful and knowing violations of breach notification requirements.

Requires all Arizona state agencies to encrypt personal information in databases within five years of the act's effective date, with exemptions for legacy database systems implemented before January 1, 2000, and allows prosecutors to pursue damages for violations.

Makes section 44-7503 (encryption requirements) contingent on the Department of Administration receiving an appropriation and repeals the entire chapter one year after a federal personal data privacy and security act becomes effective.