computer hack (MARCUSZ2527/

All 50 states now have data breach notification laws

All 50 states will have data breach notification laws, now that Alabama has passed legislation to protect disclosure of sensitive personally identifying information, such as Social Security numbers, financial and email account information combined with passwords as well as health information.

The Alabama Data Breach Notification Act of 2018 goes into effect on June 1.  It requires covered entities that acquire or use sensitive personally identifying information to notify affected Alabama residents of a breach if sensitive personally identifying information has been or is believed to have been acquired by an unauthorized individual and substantial harm to affected individuals is “reasonably likely” to result, attorney Zachary Heck wrote on a Lexology blog post.

Those entities covered by the law – both the organization collecting the data and the contractor that stores and processes it -- must maintain reasonable cybersecurity measures. The state defines those measures as having:

  • A designated employee who coordinates data security measures.
  • Documentation of internal and external security risks and adoption of safeguards to protect identified risks.
  • Regular briefings to management on security status.
  • Requirements that contractors maintain appropriate safeguards.

Assessments of a covered entity's security measures will consider whether data security failures are multiple or systemic and take into account factors like the size of the entity, the amount of data lost and what it would have cost to protect against a breach.

These specific requirements for reasonable cybersecurity measures sets the Alabama statute apart from that of other states, Heck wrote.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.

Connect with Susan at [email protected] or @sjaymiller.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected