8-38-3
Section 8-38-3 Reasonable security measures; assessment. (a) Each covered entity and third-party
agent shall implement and maintain reasonable security measures to protect sensitive personally
identifying information against a breach of security. (b) Reasonable security measures means
security measures practicable for the covered entity subject to subsection (c), to implement
and maintain, including consideration of all of the following: (1) Designation of an employee
or employees to coordinate the covered entity's security measures to protect against a breach
of security. An owner or manager may designate himself or herself. (2) Identification of internal
and external risks of a breach of security. (3) Adoption of appropriate information safeguards
to address identified risks of a breach of security and assess the effectiveness of such safeguards.
(4) Retention of service providers, if any, that are contractually required to maintain appropriate
safeguards for sensitive personally...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-3.htm - 2K - Match Info - Similar pages

8-38-10
Section 8-38-10 Disposal of records containing sensitive personally identifying information.
A covered entity or third-party agent shall take reasonable measures to dispose, or arrange
for the disposal, of records containing sensitive personally identifying information within
its custody or control when the records are no longer to be retained pursuant to applicable
law, regulations, or business needs. Disposal shall include shredding, erasing, or otherwise
modifying the personal information in the records to make it unreadable or undecipherable
through any reasonable means consistent with industry standards. (Act 2018-396, §10.)...

alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-10.htm - 943 bytes - Match Info - Similar pages

8-38-4
Section 8-38-4 Investigation of security breach. (a) If a covered entity determines that a
breach of security has or may have occurred in relation to sensitive personally identifying
information that is accessed, acquired, maintained, stored, utilized, or communicated by,
or on behalf of, the covered entity, the covered entity shall conduct a good faith and prompt
investigation that includes all of the following: (1) An assessment of the nature and scope
of the breach. (2) Identification of any sensitive personally identifying information that
may have been involved in the breach and the identity of any individuals to whom that information
relates. (3) A determination of whether the sensitive personally identifying information has
been acquired or is reasonably believed to have been acquired by an unauthorized person, and
is reasonably likely to cause substantial harm to the individuals to whom the information
relates. (4) Identification and implementation of measures to restore the...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-4.htm - 2K - Match Info - Similar pages

8-38-2
Section 8-38-2 Definitions. For the purposes of this chapter, the following terms have the
following meanings: (1) BREACH OF SECURITY or BREACH. The unauthorized acquisition of data
in electronic form containing sensitive personally identifying information. Acquisition occurring
over a period of time committed by the same entity constitutes one breach. The term does not
include any of the following: a. Good faith acquisition of sensitive personally identifying
information by an employee or agent of a covered entity, unless the information is used for
a purpose unrelated to the business or subject to further unauthorized use. b. The release
of a public record not otherwise subject to confidentiality or nondisclosure requirements.
c. Any lawful investigative, protective, or intelligence activity of a law enforcement or
intelligence agency of the state, or a political subdivision of the state. (2) COVERED ENTITY.
A person, sole proprietorship, partnership, government entity, corporation,...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-2.htm - 4K - Match Info - Similar pages

8-38-5
entity, or by email notice sent to the email address of the individual in the records of the
covered entity. The notice shall include, at a minimum, all of the following: (1) The date,
estimated date, or estimated date range of the breach. (2) A description of the sensitive
personally identifying information that was acquired by an unauthorized person as part of
the breach. (3) A general description of the actions taken by a covered entity to restore
the security and confidentiality of the personal information involved in the breach.
(4) A general description of steps an affected individual can take to protect himself or herself
from identity theft. (5) Information that the individual can use to contact the covered entity
to inquire about the breach. (e)(1) A covered entity required to provide notice to any individual
under this section may provide substitute notice in lieu of direct notice, if direct notice
is not feasible due to any of the following: a. Excessive cost. The term...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-5.htm - 4K - Match Info - Similar pages

8-38-9
Section 8-38-9 Violations of notification requirements. (a) A violation of the notification
provisions of this chapter is an unlawful trade practice under the Alabama Deceptive Trade
Practices Act, Chapter 19 of this title, but does not constitute a criminal offense under
Section 8-19-12. The Attorney General shall have the exclusive authority to bring an action
for civil penalties under this chapter. (1) A violation of this chapter does not establish
a private cause of action under Section 8-19-10. Nothing in this chapter may otherwise be
construed to affect any right a person may have at common law, by statute, or otherwise. (2)
Any covered entity or third-party agent who is knowingly engaging in or has knowingly engaged
in a violation of the notification provisions of this chapter is subject to the penalty provisions
set out in Section 8-19-11. For the purposes of this chapter, knowingly shall mean willfully
or with reckless disregard in failing to comply with the notice...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-9.htm - 4K - Match Info - Similar pages

9-18-1
this compact any and all donations, and grants of money, equipment, supplies, materials, and
services (conditional or otherwise) from any state or the United States or any subdivision
or agency thereof, or interstate agency, or from any institution, person, firm, or corporation,
and may receive, utilize and dispose of the same. "(i) The board may establish and maintain
such facilities as may be necessary for the transacting of its business. The board may acquire,
hold, and convey real and personal property and any interest therein. "(j) The
board shall adopt bylaws, rules, and regulations for the conduct of its business, and shall
have the power to amend and rescind these bylaws, rules, and regulations. The board shall
publish its bylaws, rules, and regulations in convenient form and shall file a copy thereof,
and shall also file a copy of any amendment thereto, with the appropriate agency or officer
in each of the party states. "(k) The board annually shall make to the governor of...

alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/9-18-1.htm - 16K - Match Info - Similar pages

9-18A-1
under this compact any and all donations and grants of money, equipment, supplies, materials
and services (conditional or otherwise) from any state or the United States or any subdivision
or agency thereof, or interstate agency, or from any institution, person, firm or corporation,
and may receive, utilize and dispose of the same. "(i) The board may establish and maintain
such facilities as may be necessary for the transacting of its business. The board may acquire,
hold and convey real and personal property and any interest therein. "(j) The
board shall adopt bylaws, rules and regulations in convenient form, and shall also file a
copy of any amendment thereto, with the appropriate agency or officer in each of the party
states. "(k) The board annually shall make to the governor of each party state, a report
covering the activities of the board for the preceding year, and embodying such recommendations
as may have been adopted by the board, which report shall be transmitted to the...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/9-18A-1.htm - 17K - Match Info - Similar pages

27-62-4
Section 27-62-4 Information security program. (a) Commensurate with the size and complexity
of the licensee, the nature and scope of the activities of the licensee, including its use
of third-party service providers, and the sensitivity of the nonpublic information used by
the licensee or in the possession, custody, or control of the licensee, each licensee shall
develop, implement, and maintain a comprehensive written information security program based
on the risk assessment of the licensee that contains administrative, technical, and physical
safeguards for the protection of nonpublic information and the information system of the licensee.
(b) The information security program of a licensee shall be designed to do all of the following:
(1) Protect the security and confidentiality of nonpublic information and the security of
the information system. (2) Protect against any threats or hazards to the security or integrity
of nonpublic information and the information system. (3) Protect...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/27-62-4.htm - 10K - Match Info - Similar pages

27-9A-17
Section 27-9A-17 Fingerprints. (a) In order to make a determination of license eligibility,
the commissioner may require fingerprints of applicants and to submit the fingerprints and
the fee required to perform the criminal history record checks to the Alabama Department of
Public Safety and the Federal Bureau of Investigation for state and national criminal history
record checks. (b) The commissioner may require a criminal history record check on each applicant
in accordance with this section. The commissioner shall require each applicant to submit a
full set of fingerprints, including a scanned file from a hard copy fingerprint, in order
for the commissioner to obtain and receive national criminal history records from the Criminal
Justice Information Services Division of the Federal Bureau of Investigation. In the case
of business entity applicants, the commissioner shall require the submission of fingerprints
of all of the following: (1) All executive officers and directors of the...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/27-9A-17.htm - 3K - Match Info - Similar pages