Today, Alabama becomes the 50th state in the nation to require data breach notification. Alabama’s Data Breach Notification Act of 2018 requires notification to any affected individual when a business determines breached data could cause substantial harm to the consumer. Breaches of more than 1,000 individuals also must be reported to Alabama’s attorney general and consumer credit-reporting agencies. The new law lays out specific actions breached businesses must make and guidance for reasonable security measures.
In a conference call last month to Alabama Retail Association members, Montgomery attorney Ted Hosp, one of the primary negotiators on the legislation, reviewed steps to take if sensitive information is stolen that is likely to cause harm to the consumer.
Stolen information that could trigger the law includes a person’s first and last name along with such numbers as Social Security, tax identification, driver’s license, financial account or health insurance.
Familiarity with the law matters to retailers, because protecting customer relationships through strong data security is top of mind for all retailers.
More on this law from Alabama Retail