On March 28, 2018, Alabama adopted a data privacy law, the Alabama Data Breach Notification Actof 2018 (SB318). While Alabama is one of the last states to adopt such an act, the Act is notable in its requirements, and applies to any “person, sole proprietorship, partnership, government entity, corporation, nonprofit, trust, estate, cooperative association, or other business entity” that acquires, has possession of, or uses Sensitive Personally Identifying Information. The stated objective of the breach is protecting the data of Alabama residents, and it defines a breach as the “unauthorized acquisition of data in electronic form containing sensitive personally identifying information.”
Please see full publication below for more information.