State Breach Law

Alabama Data Breach Notification Law

Ala. Code §§ 8-38-1 to 8-38-12 • Effective 2018-06-01

If your business has a data breach affecting Alabama residents, you must tell them within 45 days. If more than 1,000 people are affected, you also notify the Attorney General.

Notification deadline: 45 days

Enforcement: Alabama Attorney General

Overview

Alabama requires businesses to notify affected residents within 45 days of discovering a breach affecting their sensitive personal information.

Who Must Be Notified

  • Affected Alabama residents
  • Alabama Attorney General (if 1,000+ residents affected)

Covered Data Types

Social Security number, Driver's license number, Financial account numbers, Medical information, Health insurance information

Notification Requirements

  • Written notice required
  • Must describe breach
  • Must include contact information

Is your business exposed?

Exemptions

  • Encrypted data
  • HIPAA-covered entities
  • GLBA-covered entities

Penalties

Up to $500,000 per breach, $5,000 per day for late notification

If You Experience a Breach

  1. 1.

    Notify affected residents within 45 days

  2. 2.

    Notify AG if 1,000+ affected

Official Source

https://www.ago.state.al.us/

Other State Breach Laws

New York, Texas, Florida

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices