Alabama Data Breach Notification Act of (2018)
| Alabama Data Breach Notification Act of (2018) | |
|---|---|
| Short Title | Data Breach Notification |
| Official Text | Alabama Data Breach Notification Act of (2018) |
| Country/Jurisdiction | United States |
| State or Province | Alabama |
| Regulatory Bodies | |
| Date Enacted | 2018 |
| Scope of the Law | General Business |
| Information | |
| Taxonomy | Aggregation, Insecurity |
| Strategies | |

Data breach law for Alabama.
Text of the law
Policy 621: Data Breach Notification defines the requirements and responsibilities for providing notifications when a breach of personal information has occurred. The Alabama Data Breach Notification Act of 2018 (Acts 2018-396) requires certain entities to provide notice to certain persons upon a breach of security that results in the unauthorized acquisition of sensitive personally identifying information (PII). The primary objectives of this policy were to:
1. Define the term breach to include unauthorized acquisition of PII, unauthorized use or disclosure of PII, and information spillage instances (as defined in IRS Publication 1075, IR-9).
2. Define PII to include identifying elements stated in the Alabama Consumer Identity Protection Act (Acts 2001-312) as well as Acts 2018-396.
3. Define the notification-related responsibilities of data owners and data custodians (without restating the requirements of state or federal law or of other governance (e.g., HIPAA)).
4. Require that the Office of Information Technology be notified upon discovery of any data breach.

Policy 621 addresses NIST SP800-53R4 security control IR-9 (Information Spillage), which is required by IRS Publication 1075 and is a control that should be broadly applied whenever PII or other sensitive data types are being handled (i.e., not limited to tax information). Policy 621 replaces legacy Policy 685: Data Breach Notification. Policy 685 was rescinded in 2018, after the Alabama Data Breach Notification Act became law.

Risks that are addressed in this policy:
- Exposure of PII or of other sensitive data
- Understanding what constitutes PII
- Understanding what constitutes a data breach

View or Download: DRAFT Policy 621: Breach Notification
Disclaimer: The text of this law may not be the most recent version. We make no warranties or representations about the accuracy, completeness, or adequacy of the information contained on this site. Please check official sources.