Georgia SB-230 is a state data privacy law which protects personally identifiable information. Georgia SB-230 was signed into law May 5, 2005 and became effective May 5, 2005. The law applies to any person or entity who, for monetary fees or dues, engages in whole or in part in the business of collecting, assembling, evaluating, compiling, reporting, transmitting, transferring, or communicating information concerning individuals for the primary purpose of furnishing personally identifiable information to nonaffiliated third parties, or any state or local agency or subdivision thereof that maintains data that includes personally identifiable information.

The policy looks for at least one match to personally identifiable information, which may include:

  • Credit Card Number

  • Credit Card Track Data

  • US Drivers License Number

  • US Social Security Number