Alabama Data Breach Notification Act of (2018)

From Privacy Wiki
Short Title: Data Breach Notification
Official Text: Alabama Data Breach Notification Act of (2018)
Country/Jurisdiction: United States
State or Province: Alabama
Regulatory Bodies:
Date Enacted: 2018

Scope of the Law: General Business

Taxonomy: Aggregation, Insecurity

Data breach law for Alabama.

Text of the law

Policy 621: Data Breach Notification defines the requirements and responsibilities for providing notifications when a breach of personal information has occurred. The Alabama Data Breach Notification Act of 2018 (Acts 2018-396) requires certain entities to provide notice to certain persons upon a breach of security that results in the unauthorized acquisition of sensitive personally identifying information (PII). The primary objectives of this policy were to:

1. Define the term breach to include unauthorized acquisition of PII, unauthorized use or disclosure of PII, and information spillage instances (as defined in IRS Publication 1075, IR-9).
2. Define PII to include identifying elements stated in the Alabama Consumer Identity Protection Act (Acts 2001-312) as well as Acts 2018-396.
3. Define the notification-related responsibilities of data owners and data custodians (without restating the requirements of state or federal law or of other governance (e.g., HIPAA)).
4. Require that the Office of Information Technology be notified upon discovery of any data breach.

Policy 621 addresses NIST SP800-53R4 security control IR-9 (Information Spillage), which is required by IRS Publication 1075 and is a control that should be broadly applied whenever PII or other sensitive data types are being handled (i.e., not limited to tax information). Policy 621 replaces legacy Policy 685: Data Breach Notification. Policy 685 was rescinded in 2018, after the Alabama Data Breach Notification Act became law.

Risks that are addressed in this policy:
- Exposure of PII or of other sensitive data
- Understanding what constitutes PII
- Understanding what constitutes a data breach

View or Download: DRAFT Policy 621: Breach Notification

Disclaimer: The text of this law may not be the most recent version. We make no warranties or representations about the accuracy, completeness, or adequacy of the information contained on this site. Please check official sources.