On March 28, 2018, Alabama adopted a data privacy law, the Alabama Data Breach Notification Act of 2018 (SB318). While Alabama is one of the last states to adopt such an act, the Act is notable in its requirements, and applies to any “person, sole proprietorship, partnership, government entity, corporation, nonprofit, trust, estate, cooperative association, or other business entity” that acquires, has possession of, or uses Sensitive Personally Identifying Information. The stated objective of the breach is protecting the data of Alabama residents, and it defines a breach as the “unauthorized acquisition of data in electronic form containing sensitive personally identifying information.”
Originally Published in the Birmingham Medical News - April 2018.
Please see full publication below for more information.