As of June 1, 2018, Alabama has become the 50thstate to enforce a data breach notification law to protect the personally identifiable information of its residents. Not unlike other states’ laws, the Alabama law defines “sensitive personally identifying information” as an Alabama resident’s first name or initial and last name in combination with: (a) a Social Security number or tax ID; (b) driver’s license number, passport number or similar ID number; (c) a financial account number, such as a credit card; (d) a person’s medical history, treatment, diagnosis or health insurance policy number; or (e) a user name, email address in combination with a password or security question and answer.
Breach notification must be provided in writing and include the date or estimated date of the breach, a description that was acquired and the actions taken to restore the security and confidentiality of the information involved. Penalties for violation of the act can result in civil penalties of up to $500,000 per breach.
© 2018 Ossian Law P.C.