During the 2021 Regular Session, the Arkansas General Assembly enacted Act 260 of 2021, which requires a public entity, or contractual provider of a public entity, to disclose in writing an initial report of the known facts of a security incident to the Legislative Auditor within five (5) business days after learning of the incident. Additionally, the public entity shall provide regular updates regarding the status of the incident. A report, update, notification, or list created or maintained under this law is exempt from FOIA as a security function under Ark. Code Ann. §25-19-105(b)(11).
A link to a form for reporting security incidents will be made available on the Arkansas Legislative Audit website. https://www.arklegaudit.gov/