
All 50 states now have data breach notification laws

All 50 states will have data breach notification laws, now that Alabama has passed legislation to protect against the disclosure of sensitive personally identifying information, such as Social Security numbers, financial and email account information combined with passwords as well as health information.

The Alabama Data Breach Notification Act of 2018 goes into effect on June 1. It requires covered entities that acquire or use sensitive personally identifying information to notify affected Alabama residents of a breach if sensitive personally identifying information has been or is believed to have been acquired by an unauthorized individual and substantial harm to affected individuals is “reasonably likely” to result, attorney Zachary Heck wrote in a Lexology blog post.

Those entities covered by the law – both the organization collecting the data and the contractor that stores and processes it – must maintain reasonable cybersecurity measures. The state defines those measures as having:

  • A designated employee who coordinates data security measures.
  • Documentation of internal and external security risks and adoption of safeguards to protect against identified risks.
  • Regular briefings to management on security status.
  • Requirements that contractors maintain appropriate safeguards.

Assessments of a covered entity's security measures will consider whether data security failures are multiple or systemic and take into account factors like the size of the entity, the amount of data lost and what it would have cost to protect against a breach.

These specific requirements for reasonable cybersecurity measures set the Alabama statute apart from those of other states, Heck wrote.

About the Author

Susan Miller is executive editor at GCN.

Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.

Miller has a BA from West Chester University and an MA in English from the University of Delaware.

Connect with Susan at smiller@gcn.com or @sjaymiller.
