03.8.2018 | Articles / Publications
Burr Alert: Insights into SB318: Alabama’s Proposed Data Breach Notification Requirements
Alabama and South Dakota are the only two states that have not passed a data breach notification and reporting law. On March 1, 2018, Alabama got one step closer to not finishing dead last when the Alabama senate passed SB318—Alabama’s version of a data breach notification and reporting requirement. You can read the bill here. SB318 will now go to the Alabama House of Representatives for a vote.
SB318 requires breached entities (persons or business entities that acquire or use personally identifiable information) to notify Alabama’s attorney general, Alabama residents whose information has been compromised and consumer credit-reporting agencies of breaches if:
- Sensitive information is reasonably believed to have been acquired by an unauthorized person; AND
- Is reasonably likely to cause substantial harm to the individuals.
Even if a breach is not a reportable event, the data owner must maintain relevant records for at least five years.
Download the full article, “Insights into SB318: Alabama’s Proposed Data Breach Notification Requirements” written by Fob James