There are only two states in the U.S. that have yet to enact data breach notification laws, but that may change in 2018. Several weeks ago, the South Dakota state legislature announced that a data breach notification bill (Senate Bill No. 62) was pending. Now, Alabama is following suit.
On March 1st, the Alabama Senate unanimously passed Senate Bill 318, the Alabama Data Breach Notification Act. The bill now moves to the House of Representatives for consideration. The bill sponsored by state Senator Arthur Orr (R-Decatur) would require companies facing a data breach to notify affected individuals within 45 days of determination that a breach has occurred and is reasonably likely to cause substantial harm. Although there are no criminal penalties for companies that fail to notify affected individuals, the Attorney General’s office can issue fines of up to $5,000 per day, and file a lawsuit on behalf of the affected individuals. A private action is not available.
“Alabama is one of two states that doesn’t have a data breach notification law,” Sen. Arthur Orr said. “In the case of a breach, businesses and organizations, including state government, are under no obligation to tell a person their information may have been compromised.”
Over the past year, Alabama Attorney General Steve Marshall has both worked on and been vocally supportive of the bill. “I want to thank the Alabama Senate, and Senator Orr in particular, for moving this bill forward and taking us one step closer to giving Alabama consumers the same protections as the citizens of 48 other states who already receive notifications when their sensitive personal information has been hacked,” Marshall said. “This is a big win for Alabama consumers and I look forward to working with the House to cross the finish line.”
High-profile data breaches have been a “wake-up call” for state legislators across the U.S., and Marshall emphasized, “It is long overdue”. The coming years will likely bring a variety of amendments to already existing state data breach notification laws. Review our articles on recent trends in other state data breach notification laws: