Rule 80-12-4-.08 - Notification of Computer Security Incident(1) An MALPB must notify the Department about a notification incident through email, telephone, or other similar methods that the Department may prescribe. The Department must receive this notification from the MALPB as soon as possible and no later than 36 hours after the MALPB determines that a notification incident has occurred.(2) For purposes of this Rule, these terms have the following meaning: (a) "Computer-security incident" is an occurrence that results in actual harm to the confidentiality, integrity, or availability of an information system or the information that the system processes, stores, or transmits.(b) "Notification incident" is a computer-security incident that has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, an MALPB's- (i) Ability to carry out operations, activities, or processes, or deliver products and services to a material portion of its customer base, in the ordinary course of business; or(ii) Operations, including associated services, functions and support, as applicable, the failure or discontinuance of which would either result in a material loss of revenue, profit, or franchise value for the MALPB or pose a threat to the financial stability of the United States.Ga. Comp. R. & Regs. R. 80-12-4-.08
O.C.G.A. §§ 7-9-3, 7-9-13.
Original Rule entitled "Notification of Computer Security Incident" adopted. F. Dec. 20, 2024; eff. Jan. 9, 2025.