Arkansas Department of Education Division of Elementary and Secondary Education Required Reporting of Cyber Security Incidents to Legislative Audit

Memo Information

Memo Number
Memo Date
Memo Type
Research & Technology
Regulatory Authority
ACT 260
Response Required
Federal Programs; Superintendents; Assistant Superintendent; Principals; Technology Coordinators; Test Coordinators; General Business Managers; Curriculum Coordinators; Bookkeepers; School Counselors; Equity Coordinators (Disability/Race/Gender/National Origin); Child Nutrition Directors/Managers; Data Stewards (SIS; eSchool; eFinance; TRIAND); District Coordinators (ALE; Homeless; ESOL; SDFS & Foster); CTE Coordinator (COOPs and regular school districts); Facilities / Maintenance Director

Primary Contact Information

Secondary Contact/s Information

Memo Reference

No references available.

Memo Text

During the 2021 Regular Session, the Arkansas General Assembly enacted Act 260 of 2021, which requires a public entity, or contractual provider of a public entity, to disclose in writing an initial report of the known facts of a security incident to the Legislative Auditor within five (5) business days after learning of the incident. Additionally, the public entity shall provide regular updates regarding the status of the incident. A report, update, notification, or list created or maintained under this law is exempt from FOIA as a security function under Ark. Code Ann. §25-19-105(b)(11).


A link to a form for reporting security incidents will be made available on the Arkansas Legislative Audit website.

Print Memo

Share this memo