Mandated Timeframe for Breach Reporting and/or Consumer Notification

Within 45 days
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection & Security
  • Third Party: Specific Obligations
  • Third Parties: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws:
- up to $500,000 per breach

Regulation Levels
  • Breach Reporting
  • Consumer Notification
  • Third Party Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • A covered entity that violates the notification provisions of the Alabama Data Breach Notification Act is liable for a civil penalty of up to $5,000 per day for each consecutive day that the covered entity fails to take reasonable action.
  • Upon discovery of a breach, the business should conduct an investigation to determine specific details about the breach, including the cause, possible harm/risk and possible mitigation methods.
  • Both applicable businesses and their vendors are required to implement and maintain security measures to protect the sensitive personally identifiable information in their possession and to prevent a breach.
  • Credit reporting agencies must be notified if more than 1,000 individuals must be provided notice of the incident.
  • There are specific details that must be included in your consumer notifications.
  • There are specific details that must be included in your breach reports.
  • Vendors that experience a breach must notify the data owner as expeditiously as possible and no later than 10 days after determining that a breach has occurred.
Statutes and Laws
  • Act No. 2018-396, Alabama Data Breach Notification Act of 2018