8-38-3
Section 8-38-3 Reasonable security measures; assessment. (a) Each covered entity and third-party agent shall implement and maintain reasonable security measures to protect sensitive personally identifying information against a breach of security. (b) Reasonable security measures means security measures practicable for the covered entity subject to subsection (c), to implement and maintain, including consideration of all of the following: (1) Designation of an employee or employees to coordinate the covered entity's security measures to protect against a breach of security. An owner or manager may designate himself or herself. (2) Identification of internal and external risks of a breach of security. (3) Adoption of appropriate information safeguards to address identified risks of a breach of security and assess the effectiveness of such safeguards. (4) Retention of service providers, if any, that are contractually required to maintain appropriate safeguards for sensitive personally...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-3.htm - 2K - Match Info - Similar pages
8-38-10
Section 8-38-10 Disposal of records containing sensitive personally identifying information. A covered entity or third-party agent shall take reasonable measures to dispose, or arrange for the disposal, of records containing sensitive personally identifying information within its custody or control when the records are no longer to be retained pursuant to applicable law, regulations, or business needs. Disposal shall include shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any reasonable means consistent with industry standards. (Act 2018-396, ยง10.)...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-10.htm - 943 bytes - Match Info - Similar pages
8-38-4
Section 8-38-4 Investigation of security breach. (a) If a covered entity determines that a breach of security has or may have occurred in relation to sensitive personally identifying information that is accessed, acquired, maintained, stored, utilized, or communicated by, or on behalf of, the covered entity, the covered entity shall conduct a good faith and prompt investigation that includes all of the following: (1) An assessment of the nature and scope of the breach. (2) Identification of any sensitive personally identifying information that may have been involved in the breach and the identity of any individuals to whom that information relates. (3) A determination of whether the sensitive personally identifying information has been acquired or is reasonably believed to have been acquired by an unauthorized person, and is reasonably likely to cause substantial harm to the individuals to whom the information relates. (4) Identification and implementation of measures to restore the...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-4.htm - 2K - Match Info - Similar pages
8-38-2
Section 8-38-2 Definitions. For the purposes of this chapter, the following terms have the following meanings: (1) BREACH OF SECURITY or BREACH. The unauthorized acquisition of data in electronic form containing sensitive personally identifying information. Acquisition occurring over a period of time committed by the same entity constitutes one breach. The term does not include any of the following: a. Good faith acquisition of sensitive personally identifying information by an employee or agent of a covered entity, unless the information is used for a purpose unrelated to the business or subject to further unauthorized use. b. The release of a public record not otherwise subject to confidentiality or nondisclosure requirements. c. Any lawful investigative, protective, or intelligence activity of a law enforcement or intelligence agency of the state, or a political subdivision of the state. (2) COVERED ENTITY. A person, sole proprietorship, partnership, government entity, corporation,...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-2.htm - 4K - Match Info - Similar pages
8-38-5
Section 8-38-5 Notice of security breach - Individuals affected. (a) A covered entity that is not a third-party agent that determines under Section 8-38-4 that, as a result of a breach of security, sensitive personally identifying information has been acquired or is reasonably believed to have been acquired by an unauthorized person, and is reasonably likely to cause substantial harm to the individuals to whom the information relates, shall give notice of the breach to each individual. (b) Notice to individuals under subsection (a) shall be made as expeditiously as possible and without unreasonable delay, taking into account the time necessary to allow the covered entity to conduct an investigation in accordance with Section 8-38-4. Except as provided in subsection (c), the covered entity shall provide notice within 45 days of the covered entity's receipt of notice from a third-party agent that a breach has occurred or upon the covered entity's determination that a breach has occurred...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-5.htm - 4K - Match Info - Similar pages
8-38-9
Section 8-38-9 Violations of notification requirements. (a) A violation of the notification provisions of this chapter is an unlawful trade practice under the Alabama Deceptive Trade Practices Act, Chapter 19 of this title, but does not constitute a criminal offense under Section 8-19-12. The Attorney General shall have the exclusive authority to bring an action for civil penalties under this chapter. (1) A violation of this chapter does not establish a private cause of action under Section 8-19-10. Nothing in this chapter may otherwise be construed to affect any right a person may have at common law, by statute, or otherwise. (2) Any covered entity or third-party agent who is knowingly engaging in or has knowingly engaged in a violation of the notification provisions of this chapter is subject to the penalty provisions set out in Section 8-19-11. For the purposes of this chapter, knowingly shall mean willfully or with reckless disregard in failing to comply with the notice...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-9.htm - 4K - Match Info - Similar pages
9-18-1
Section 9-18-1 Enactment of Southern Interstate Nuclear Compact. The Southern Interstate Nuclear Compact is hereby enacted into law and entered into by the state of Alabama with any and all states legally joining therein in accordance with its terms, in the form substantially as follows: "SOUTHERN INTERSTATE NUCLEAR COMPACT "Article I. Policy and Purpose "The party states recognize that the proper employment of nuclear energy, facilities, materials, and products can assist substantially in the industrialization of the south and the development of a balanced economy for the region. They also recognize that optimum benefit from and acquisition of nuclear resources and facilities requires systematic encouragement, guidance, and assistance from the party states on a cooperative basis. It is the policy of the party states to undertake such cooperation on a continuing basis; it is the purpose of this compact to provide the instruments and framework for such a cooperative effort to improve...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/9-18-1.htm - 16K - Match Info - Similar pages
9-18A-1
Section 9-18A-1 Enactment of Southern States Energy Compact. The Legislature hereby enacts, and the State of Alabama hereby enters into, the Southern States Energy Compact with any and all states legally joining therein in accordance with its terms, in the form substantially as follows: "SOUTHERN STATES ENERGY COMPACT "Article I. Policy and Purpose. "The party states recognize that the proper employment and conservation of energy and employment of energy-related facilities, materials, and products, within the context of a responsible regard for the environment, can assist substantially in the industrialization of the south and the development of a balanced economy for the region. They also recognize that optimum benefit from an acquisition of energy resources and facilities require systematic encouragement, guidance and assistance from the party states on a cooperative basis. It is the policy of the party states to undertake such cooperation on a continuing basis; it is the purpose of...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/9-18A-1.htm - 17K - Match Info - Similar pages
27-62-4
Section 27-62-4 Information security program. (a) Commensurate with the size and complexity of the licensee, the nature and scope of the activities of the licensee, including its use of third-party service providers, and the sensitivity of the nonpublic information used by the licensee or in the possession, custody, or control of the licensee, each licensee shall develop, implement, and maintain a comprehensive written information security program based on the risk assessment of the licensee that contains administrative, technical, and physical safeguards for the protection of nonpublic information and the information system of the licensee. (b) The information security program of a licensee shall be designed to do all of the following: (1) Protect the security and confidentiality of nonpublic information and the security of the information system. (2) Protect against any threats or hazards to the security or integrity of nonpublic information and the information system. (3) Protect...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/27-62-4.htm - 10K - Match Info - Similar pages
27-9A-17
Section 27-9A-17 Fingerprints. (a) In order to make a determination of license eligibility, the commissioner may require fingerprints of applicants and to submit the fingerprints and the fee required to perform the criminal history record checks to the Alabama Department of Public Safety and the Federal Bureau of Investigation for state and national criminal history record checks. (b) The commissioner may require a criminal history record check on each applicant in accordance with this section. The commissioner shall require each applicant to submit a full set of fingerprints, including a scanned file from a hard copy fingerprint, in order for the commissioner to obtain and receive national criminal history records from the Criminal Justice Information Services Division of the Federal Bureau of Investigation. In the case of business entity applicants, the commissioner shall require the submission of fingerprints of all of the following: (1) All executive officers and directors of the...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/27-9A-17.htm - 3K - Match Info - Similar pages
|