New Generation of Laws Take Effect
07/31/2018

Arizona history is alive, and its echoes can be seen in our Constitution’s direction that legislation signed into law by the Governor does not become effective until 90 days after the end of the Regular Legislative Session. The roots for this requirement run deep. Its reasoning has two main sources. The first has to do with the idea that changes take time to be implemented, and the people and businesses that are subject to the new law need time to make adjustments to their systems in order to prepare for the shifting compliance obligations that new laws bring. The second stems from our Constitution’s empowerment of the citizens to use the initiative process to permit the voters to ratify or appeal legislation.

The 2018 Regular Session of the Arizona Legislature adjourned on May 4, 2018, making August 3, 2018, the general law effective date for most legislation enacted during the session. It is important to note that not all legislation will become effective on that date. Of the 346 measures signed into law by the Governor, approximately 40 had different effective dates, including measures that became law immediately due to an “emergency clause” or because the legislation contained a delayed effective date. Measures that become effective on August 3 cover a variety of subjects and a few of interest include the following:

HB2154 Personal Information; Data Security Breaches

HB2154 made significant changes to existing state law relating to data security breaches. Under this measure, if a person conducting business in Arizona owns, maintains or licenses unencrypted and unredacted computerized personal information and becomes aware of a "security system breach," the person must notify affected individuals within 45 days. If the breach requires notification of more than 1,000 individuals, the person must notify the three largest nationwide consumer reporting agencies and provide written notice to the Attorney General. The measure prescribes a list of information be provided to individuals impacted by the breach that must be included in the notification. If the breach involves login credentials for an online account, a person may comply with these requirements by providing the notification that directs the individual to promptly change a password and security question or answer, as applicable, or to take other appropriate steps to protect the online account. A knowing and willful violation of the new law is subject to action under the consumer fraud law as an unlawful practice which may be enforced by the Attorney General.

The Attorney General is authorized to impose a civil penalty for violations of the lesser of $10,000 per affected individual or the total amount of economic loss sustained by affected individuals, and the maximum civil penalty from a breach or series of related breaches cannot exceed $500,000. Similar measures have been enacted in other states, including Colorado and California.

HB2020 Nondisclosure Agreements; Sexual Assault; Harassment

This measure prohibits the enforcement of a "nondisclosure agreement" that would prevent a party from responding to a peace officer's or prosecutor's inquiry, or from making a statement not initiated by that party in a criminal proceeding in relation to a violation or alleged violation of sexual offenses or obscenity offenses. These acts cannot be used to avoid or invalidate a party's right to consideration under the contract or to require the return of consideration that has already been provided to the party. The measure also prohibits the expenditure of public funds to resolve an allegation of, or attempted, sexual assault or sexual harassment.

SB1375 and HB2550 Contractor Licensing Requirements

As a result of these enactments, the Registrar of Contractors statutes require that the contractor license applicant must specify the type of license sought and demonstrate that the applicant and its qualifying party have the necessary training and experience. The application process also requires the submission of information that identifies the applicant, including the names and addresses of the applicant, and if the application is an entity, information about the owners and leadership of the entity. Information likewise must be submitted about the work and regulatory experience of the applicant in order to obtain the license, including whether the individuals associated with the license have experience in the business, or unresolved compliance issues with the agency.

HB2601, HB2602, and HB2603 Blockchain Technology

The legislature enacted three measures intended to promote the use of blockchain technology in the state. HB2601 extends the state’s previously enacted crowdfunding laws to be specifically applicable to “initial coin offerings.” HB2602 allows individuals to run “mining” operations – referred to in the legislation as "running a node on blockchain technology" in their residences, and prohibits counties and municipalities from prohibiting or restricting this activity. HB2603 expands the scope of blockchain technology transactions to apply to written transactions, making signatures and records secured through blockchain technology and smart contracts and other data stored and shared by corporations on the blockchain to become valid under the corporate code.

Click here to view this in PDF.

Please note:  Effective July 31, 2018, Chris Herstam has retired from the firm and is no longer associated with Lewis Roca Rothgerber Christie.