Guam Notification of Breaches of Personal Information — 9 GCA Ch. 48
Guam · 9 G.C.A. ch. 48
Guam's data breach notification statute. Requires entities holding personal information to notify affected residents of breaches. Relevant to AI systems processing personal data because any compromise must trigger notice.
Technical detail
9 G.C.A. ch. 48 (Notification of Breaches of Personal Information, 2009) requires persons and entities holding personal information of Guam residents to notify affected individuals after a security breach.
Who is protected: Guam residents whose personal data is held by covered entities
Who must comply: Persons and entities holding personal information of Guam residents
Key facts
| Jurisdiction | Guam |
|---|---|
| Level | State |
| Status | In effect |
| Protection strength | Limited protection |
| Effective date | 2009-01-01 |
| Enacted | 2009-01-01 |
| Citation | 9 G.C.A. ch. 48 |
| Enforced by | Office of the Attorney General of Guam |
| Private right of action | No — agency enforcement only |
| Penalties | Civil penalties per chapter |
| Topics | consumer data privacy · data retention · consumer protection |
| Last verified | 2026-06-16 |
| Official source | 9 GCA Ch. 48 — Notification of Breaches of Personal Information (Justia) ↗ |
More AI rules in Guam
- Guam P.L. 38-77 (AI Task Force) · In effect
- Guam Bill 171-38 (NCII / Deepfakes) · Proposed / pending
- Guam Bill 209-38 (Election Deepfakes) · Proposed / pending
- Guam EDPA (5 GCA Ch. 14) · In effect
Related consumer data privacy rules elsewhere
- TAKE IT DOWN Act · In effect
- FCRA (AI in credit & background checks) · In effect
- COPPA + 2025 Rule (childrens data) · In effect
- TCPA (AI voice calls) · In effect
- DEFIANCE Act (deepfake-porn civil suits) · Proposed / pending
- CCPA/CPRA + ADMT Regulations · In effect
See something wrong or out of date? Submit a correction — every entry must carry a verifiable official source.