All 50 states now have data breach notification laws
- By Susan Miller
- May 01, 2018
All 50 states will have data breach notification laws, now that Alabama has passed legislation to protect disclosure of sensitive personally identifying information, such as Social Security numbers, financial and email account information combined with passwords as well as health information.
The Alabama Data Breach Notification Act of 2018 goes into effect on June 1. It requires covered entities that acquire or use sensitive personally identifying information to notify affected Alabama residents of a breach if sensitive personally identifying information has been or is believed to have been acquired by an unauthorized individual and substantial harm to affected individuals is “reasonably likely” to result, attorney Zachary Heck wrote on a Lexology blog post.
Those entities covered by the law – both the organization collecting the data and the contractor that stores and processes it -- must maintain reasonable cybersecurity measures. The state defines those measures as having:
- A designated employee who coordinates data security measures.
- Documentation of internal and external security risks and adoption of safeguards to protect identified risks.
- Regular briefings to management on security status.
- Requirements that contractors maintain appropriate safeguards.
Assessments of a covered entity's security measures will consider whether data security failures are multiple or systemic and take into account factors like the size of the entity, the amount of data lost and what it would have cost to protect against a breach.
These specific requirements for reasonable cybersecurity measures sets the Alabama statute apart from that of other states, Heck wrote.
Susan Miller is executive editor at GCN.
Over a career spent in tech media, Miller has worked in editorial, print production and online, starting on the copy desk at IDG’s ComputerWorld, moving to print production for Federal Computer Week and later helping launch websites and email newsletter delivery for FCW. After a turn at Virginia’s Center for Innovative Technology, where she worked to promote technology-based economic development, she rejoined what was to become 1105 Media in 2004, eventually managing content and production for all the company's government-focused websites. Miller shifted back to editorial in 2012, when she began working with GCN.
Miller has a BA and MA from West Chester University and did Ph.D. work in English at the University of Delaware.
Connect with Susan at [email protected] or @sjaymiller.