Mandated Timeframe for Breach Reporting and/or Consumer Notification
Within 45 days
Laws related specifically to personal information
Breach Reporting & Consumer Notification
Protect Personal Information
Written Program for Protection & Security
Third Party: Specific Obligations
Third Parties: Mandated Contracts
Requests for Information
Fines & Penalties
Violations of breach and notification laws: up to $500,000 per breach
Third Party Management
None to minimal
A covered entity that violates the notification provisions of the Alabama Data Breach Notification Act shall be liable for a civil penalty of up to $5,000 per day for each consecutive day that the covered entity fails to take reasonable action.
Upon discovery of a breach, the business should conduct an investigation to determine specific details about the breach, including cause, possible harm/risk, and possible mitigation methods.
Both applicable businesses and their vendors are required to implement and maintain security measures to protect the sensitive personally identifiable information in their possession and prevent a breach.
Credit reporting agencies must be notified if more than 1,000 individuals must be provided notice of the incident.
There are specific details that must be included in your consumer notifications.
There are specific details that must be included in your breach reports.
Vendors that experience a breach must notify the data owner as expeditiously as possible and no later than 10 days after determining a breach has occurred.
Statutes and Laws
Act No. 2018-396, Alabama Data Breach Notification Act of 2018