HB410 Alabama 2018 Session

Summary

Primary Sponsor

Phil Williams

Republican

Session

Regular Session 2018

Title

Consumer protection, Alabama Data Breach Notification Act

Summary

HB 410 would require certain entities in Alabama to notify individuals and take steps to protect sensitive personal information when a data breach occurs.

What This Bill Does

If a breach happens, covered entities and their third-party agents must investigate and determine which individuals are affected and notify them within 45 days with details about the breach and steps to protect themselves. For breaches affecting more than 1,000 people, the entity must also notify the Alabama Attorney General and, if applicable, consumer reporting agencies, with provisions for substitute notices when needed. Third-party agents must inform the covered entity within 10 days so the entity can comply with notifications. Government entities have related requirements and must report breaches annually.

Who It Affects

• Alabama residents whose sensitive personal information could be exposed in a breach, who would receive notices and guidance.
• Covered entities and third-party agents that handle sensitive personal information, who would have to implement security measures and issue notifications.

Key Provisions

• Notice to individuals: requires notifying affected individuals within 45 days of breach determination, including the date or estimated date, what data was involved, steps taken to restore security, guidance to protect against identity theft, and contact information; substitute notice allowed if direct notice is not feasible.
• Security measures and enforcement: requires covered entities and third-party agents to implement reasonable security measures (including appointing a security coordinator, assessing risks, applying safeguards, managing service providers, and disposing of records securely) and imposes penalties for noncompliance, with additional requirements to notify the Attorney General for large breaches and to report breaches by government entities annually.

AI-generated summary using openai/gpt-5-nano on Feb 24, 2026. May contain errors — refer to the official bill text for accuracy.

Subjects

Consumers and Consumer Protection