HB37 Alabama 2016 1st Special Session Session

Existing law does not require a person that owns, licenses, or maintains data containing personal information of an Alabama resident to notify the resident if the personal information is breached by an unauthorized person

This bill would create the Alabama Information Protection Act of 2017 to provide for the protection of sensitive personally identifying information and notice to individuals whose personal information has been breached

This bill would require specified entities, including governmental entities and third-party agents, to notify the Attorney General and the individual owners of personal information upon a data security breach

This bill would require these entities to provide notice to credit reporting agencies of security breaches of personal information involving more than 1,000 individuals

This bill would require the Attorney General to annually report certain information relating to security breaches to the Governor and the Legislature

This bill would provide for the disposal of records containing sensitive personally identifying personal information, would authorize enforcement actions by the Attorney General, and would provide for the assessment of civil penalties for failure to provide the required notification

Relating to consumer protection; to require specified entities to take generally acceptable industry practices and measures to protect and secure data containing sensitive personally identifying information in paper or electronic form; to require the entities to notify the Attorney General of data security breaches; to require notice to individuals and credit reporting agencies of data security breaches in certain circumstances; to provide for the disposal of customer records; to provide for enforcement actions by the Attorney General; to provide civil penalties; to provide that this act does not create a private cause of action; and to provide certain exemptions.