On March 28, 2018, exactly one week after South Dakota enacted a data breach notification law, and a little over sixteen years since California became the first state to pass a data breach law, Alabama became the fiftieth and final state to pass a data breach notification law. Until recently, Alabama and South Dakota were the only states that did not have data breach notification laws.
Under Senate Bill 318, any person or business entity, including government entities, who handle electronically stored “sensitive personally identifying information” regarding Alabama residents must comply with the new data breach notification law. The law is effective on June 1, 2018 (which is, incidentally, one month before the South Dakota law goes into effect). Continue Reading