Alabama Data Breach Notification Act
The Act requires all businesses that acquire or use sensitive personally identifiable information (“SPII”) to “implement and maintain reasonable security measures to protect” SPII against security breaches.
SPII is nonpublic information about an individual that includes: a non-truncated SSN or state- or federal issued id number; a financial account number in combination with any code allowing use; certain types of medical or health insurance information; or a user name plus access credentials affording access to an online account containing SPII.
The security program requirements are fairly basic, consistent with those imposed by other applicable federal and state laws, and compliant with industry standards. The measures taken must be practicable, focusing on multiple or systemic data security risks and accounting for the business’ size, amount, type, and uses of SPII, and the costs of the measures in the context of the business’ resources.
Original article published by Threat Advice Cybersecurity Journal (2018), 18-19.
© Privacy Counsel LLC 2018. All rights reserved. Legal services provided by Paige Boshell. No representation is made that the quality of the legal services to be performed is greater than the quality of legal services to be performed by other lawyers. Attorney advertising.
Website by dandelion marketing.