Existing law does not require a person that owns, licenses, or maintains data containing personal information of an Alabama resident to notify the resident if the personal information is breached by an unauthorized person.
This bill would create the Alabama Information Protection Act of 2015 to provide for the protection of personal information and notice to individuals whose personal information has been breached.
This bill would require specified entities, including governmental entities and third-party agents, to notify the Attorney General and the individual owners of personal information upon a data security breach.
This bill would require these entities to provide notice to credit reporting agencies of security breaches of personal information involving more than 1,000 individuals.
This bill would require the Attorney General to annually report certain information relating to security breaches to the Governor and the Legislature.
This bill would provide for the disposal of records containing personal information, would authorize enforcement actions by the Attorney General, and would provide for the assessment of civil penalties for failure to provide the required notification.
This bill would also prohibit a person from retaining certain data from a credit, debit, or other financial card for a specified period of time and would require persons in violation to reimburse financial institutions for certain costs upon a breach of security.
Indefinitely Postponed
Orr motion to Carry Over to the Call of the Chair adopted Voice Vote
Motion to Adopt adopted Roll Call 482
Orr Amendment Offered
Motion to Adopt adopted Roll Call 481
Judiciary first Substitute Offered
Third Reading Carried Over to Call of the Chair
Read for the second time and placed on the calendar with 1 substitute and
Read for the first time and referred to the Senate committee on Judiciary
Source: Alabama Legislature