AZ SB1790

Requires data brokers in Arizona to register annually with the Secretary of State, pay registration fees, and disclose categories of data processed, security breach history, and practices regarding sensitive data including children's data.

Defines "data broker" as a business that collects, processes, or transfers personal data not obtained directly from the individual, applying to entities earning over 50% of revenue from such activities or handling data of more than 50,000 individuals annually.

Mandates comprehensive information security plans including employee training, access controls, encryption of transmitted and stored personal data, firewall protection, and regular security reviews at least annually.

Establishes civil penalties of $100 per day for violations, plus unpaid registration fees, up to $10,000 maximum per twelve-month period, enforceable by the Attorney General.

Exempts government entities, service providers acting under contract, consumer reporting agencies subject to the Fair Credit Reporting Act, deidentified data, employee data, and publicly available information from the chapter's requirements.