SB91 Alabama 2017 Session

Sponsors

Session

Regular Session 2017

Title

Consumers and consumer protection, protection of data containing personal information, notification of breach of to Attorney General and consumers required, disposal of records, civil penalty

Description

<p class="bill_description"> Existing law does not require a person that owns, licenses, or maintains data containing personal information of an Alabama resident to notify the resident if the personal information is breached by an unauthorized person</p><p class="bill_description"> This bill would create the Alabama Information Protection Act of 2017 to provide for the protection of sensitive personally identifying information and notice to individuals whose personal information has been breached</p><p class="bill_description"> This bill would require specified entities, including governmental entities and third-party agents, to notify the Attorney General and the individual owners of personal information upon a data security breach</p><p class="bill_description"> This bill would require these entities to provide notice to credit reporting agencies of security breaches of personal information involving more than 1,000 individuals</p><p class="bill_description"> This bill would require the Attorney General to annually report certain information relating to security breaches to the Governor and the Legislature</p><p class="bill_description"> This bill would provide for the disposal of records containing sensitive personally identifying personal information, would authorize enforcement actions by the Attorney General, and would provide for the assessment of civil penalties for failure to provide the required notification</p><p class="bill_entitled_an_act"> Relating to consumer protection; to require specified entities to take generally acceptable industry practices and measures to protect and secure data containing sensitive personally identifying information in paper or electronic form; to require the entities to notify the Attorney General of data security breaches; to require notice to individuals and credit reporting agencies of data security breaches in certain circumstances; to provide for the disposal of customer records; to provide for enforcement actions by the Attorney General; to provide civil penalties; to provide that this act does not create a private cause of action; and to provide certain exemptions. </p>

Subjects

Consumers and Consumer Protection