Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Alabama: Governor signs Data Breach Notification Act

The Alabama Attorney General ('AG'), Steve Marshall, announced, on 28 March 2018, that the Governor, Kay Ivey, had signed the Alabama Data Breach Notification Act of 2018 ('the Act'). The Act requires entities to notify Alabama residents of a breach within 45 days of its discovery, and notify the AG within 45 days if the breach affects more than 1,000 individuals, as well as all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis. In addition, third party agents are required to notify the agent of a breach within ten days of its discovery.

The AG has the authority to issue penalties for violations of the Act. Covered entities or third party agents who knowingly engage in or have knowingly engaged in a violation of the notification provisions can be subject to a penalty not exceeding $500,000 per breach, and covered entities that violate the notification provisions can be liable for a civil penalty of not more than $5,000 per day for each consecutive day that the entity fails to take reasonable action to comply with the notice provisions of the Act.

Marshall said, "Alabama consumers finally join the rest of America in having the right to know if their personal information is stolen or compromised in a data breach [...] Until now, Alabama was the only state without a data breach notification law."

You can read the press release here, the Act here and its history here.