Alabama Data Breach Notification Act and Automated Data Mapping Solution
On March 28 2018, Alabama Governor Kay Ivey signed into law the Alabama Data Breach Notification Act, Act No. 2018-396, making Alabama the last state to enact a data breach notification law. All 50 states, plus the District of Columbia, Guam, Puerto Rico and the Virgin Islands, have data breach notification laws which apply to various categories of personal information. Failure to account for data collected and processed by an organization, to protect the data, and to comply with the legal requirements could result in substantial fines and even lawsuits.
Clarip makes sense of this evolving data landscape with Automated Data Mapping giving your organization an edge with continuous monitoring and scanning of your data warehouse.
Alabama Data Protection and Breach Notification Requirements
Alabama Data Breach Notification Act applies to companies and government entities that acquire or use sensitive personally identifiable information. “Sensitive personally identifying information,” in turn, is defined as an Alabama resident’s first name or first initial and last name in combination with one or more of the following:
- A non-truncated social security number or tax identification number;
- A non-truncated driver’s license number, state-issued identification card number, passport number, military identification number, or other unique identification number issued on a government document used to verify the identity of a specific individual;
- A financial account number, including a bank account number, credit card number, or debit card number, in combination with any security code, access code, password, expiration date, or PIN, that is necessary to access the financial account or to conduct a transaction that will credit or debit the financial account;