Alabama Data Breach Notification Act

Jul 23, 2018

The Act requires all businesses that acquire or use sensitive personally identifiable information (“SPII”) to “implement and maintain reasonable security measures to protect” SPII against security breaches.

SPII is nonpublic information about an individual that includes: a non-truncated SSN or state- or federal issued id number; a financial account number in combination with any code allowing use; certain types of medical or health insurance information; or a user name plus access credentials affording access to an online account containing SPII.

The security program requirements are fairly basic, consistent with those imposed by other applicable federal and state laws, and compliant with industry standards. The measures taken must be practicable, focusing on multiple or systemic data security risks and accounting for the business’ size, amount, type, and uses of SPII, and the costs of the measures in the context of the business’ resources.

> Read Full Story

Original article published by Threat Advice Cybersecurity Journal (2018), 18-19.

Certified Information Privacy Professional (CIPP): USCertified Information Privacy Professional (CIPP): EuropeCertified Information Privacy ManagerRecognized by Best LawyersAlabama State BarMartindale Hubbell AV Preeminent for Etical Standards and Legal AbilityAvvo RatedFellow of Information Privacy (FIP)Privacy Law Specialist (PLS)GDRP Ready