8-38-8
Section 8-38-8 Notice of security breach - Covered entity. In the event a third-party agent has experienced a breach of security in the system maintained by the agent, the agent shall notify the covered entity of the breach of security as expeditiously as possible and without unreasonable delay, but no later than 10 days following the determination of the breach of security or reason to believe the breach occurred. After receiving notice from a third-party agent, a covered entity shall provide notices required under Sections 8-38-5 and 8-38-6. A third-party agent, in cooperation with a covered entity, shall provide information in the possession of the third-party agent so that the covered entity can comply with its notice requirements. A covered entity may enter into a contractual agreement with a third-party agent whereby the third-party agent agrees to handle notifications required under this chapter. (Act 2018-396, §8.)...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-8.htm - 1K - Match Info - Similar pages
8-38-5
entity, or by email notice sent to the email address of the individual in the records of the covered entity. The notice shall include, at a minimum, all of the following: (1) The date, estimated date, or estimated date range of the breach. (2) A description of the sensitive personally identifying information that was acquired by an unauthorized person as part of the breach. (3) A general description of the actions taken by a covered entity to restore the security and confidentiality of the personal information involved in the breach. (4) A general description of steps an affected individual can take to protect himself or herself from identity theft. (5) Information that the individual can use to contact the covered entity to inquire about the breach. (e)(1) A covered entity required to provide notice to any individual under this section may provide substitute notice in lieu of direct notice, if direct notice is not feasible due to any of the following: a. Excessive cost. The term...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-5.htm - 4K - Match Info - Similar pages
8-38-6
Section 8-38-6 Notice of security breach - Attorney General. (a) If the number of individuals a covered entity is required to notify under Section 8-38-5 exceeds 1,000, the entity shall provide written notice of the breach to the Attorney General as expeditiously as possible and without unreasonable delay. Except as provided in subsection (c) of Section 8-38-5, the covered entity shall provide the notice within 45 days of the covered entity's receipt of notice from a third-party agent that a breach has occurred or upon the entity's determination that a breach has occurred and is reasonably likely to cause substantial harm to the individuals to whom the information relates. (b) Written notice to the Attorney General shall include all of the following: (1) A synopsis of the events surrounding the breach at the time that notice is provided. (2) The approximate number of individuals in the state who were affected by the breach. (3) Any services related to the breach being offered or...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-6.htm - 1K - Match Info - Similar pages
8-38-9
Section 8-38-9 Violations of notification requirements. (a) A violation of the notification provisions of this chapter is an unlawful trade practice under the Alabama Deceptive Trade Practices Act, Chapter 19 of this title, but does not constitute a criminal offense under Section 8-19-12. The Attorney General shall have the exclusive authority to bring an action for civil penalties under this chapter. (1) A violation of this chapter does not establish a private cause of action under Section 8-19-10. Nothing in this chapter may otherwise be construed to affect any right a person may have at common law, by statute, or otherwise. (2) Any covered entity or third-party agent who is knowingly engaging in or has knowingly engaged in a violation of the notification provisions of this chapter is subject to the penalty provisions set out in Section 8-19-11. For the purposes of this chapter, knowingly shall mean willfully or with reckless disregard in failing to comply with the notice...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-9.htm - 4K - Match Info - Similar pages
7-1-201
in size than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same or lesser size; and (B) Language in the body of a record or display in larger type than the surrounding text, or in contrasting type, font, or color to the surrounding text of the same size, or set off from surrounding text of the same size by symbols or other marks that call attention to the language. (11) "Consumer" means an individual who enters into a transaction primarily for personal, family, or household purposes. (12) "Contract," as distinguished from "agreement," means the total legal obligation that results from the parties' agreement as determined by this title as supplemented by any other applicable laws. (13) "Creditor" includes a general creditor, a secured creditor, a lien creditor, and any representative of creditors, including an assignee for the benefit of creditors, a trustee in bankruptcy, a receiver in equity, and an executor or administrator of an...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/7-1-201.htm - 11K - Match Info - Similar pages
8-38-3
Section 8-38-3 Reasonable security measures; assessment. (a) Each covered entity and third-party agent shall implement and maintain reasonable security measures to protect sensitive personally identifying information against a breach of security. (b) Reasonable security measures means security measures practicable for the covered entity subject to subsection (c), to implement and maintain, including consideration of all of the following: (1) Designation of an employee or employees to coordinate the covered entity's security measures to protect against a breach of security. An owner or manager may designate himself or herself. (2) Identification of internal and external risks of a breach of security. (3) Adoption of appropriate information safeguards to address identified risks of a breach of security and assess the effectiveness of such safeguards. (4) Retention of service providers, if any, that are contractually required to maintain appropriate safeguards for sensitive personally...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-3.htm - 2K - Match Info - Similar pages
8-38-2
Section 8-38-2 Definitions. For the purposes of this chapter, the following terms have the following meanings: (1) BREACH OF SECURITY or BREACH. The unauthorized acquisition of data in electronic form containing sensitive personally identifying information. Acquisition occurring over a period of time committed by the same entity constitutes one breach. The term does not include any of the following: a. Good faith acquisition of sensitive personally identifying information by an employee or agent of a covered entity, unless the information is used for a purpose unrelated to the business or subject to further unauthorized use. b. The release of a public record not otherwise subject to confidentiality or nondisclosure requirements. c. Any lawful investigative, protective, or intelligence activity of a law enforcement or intelligence agency of the state, or a political subdivision of the state. (2) COVERED ENTITY. A person, sole proprietorship, partnership, government entity, corporation,...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-2.htm - 4K - Match Info - Similar pages
40-29-22
the existence of such lien. (2) MOTOR VEHICLES. With respect to a motor vehicle (as defined in subsection (g)(3)), as against a purchaser of such motor vehicle, if: a. At the time of the purchase such purchaser did not have actual notice or knowledge of the existence of such lien; and b. Before the purchaser obtains such notice or knowledge, he has acquired possession of such motor vehicle and has not thereafter relinquished possession of such motor vehicle to the seller or his agent. (3) PERSONAL PROPERTY PURCHASED AT RETAIL. With respect to tangible personal property purchased at retail, as against a purchaser in the ordinary course of the seller's trade or business, unless at the time of such purchase such purchaser intends such purchase to (or knows such purchase will) hinder, evade, or defeat the collection of any tax under this title. (4) PERSONAL PROPERTY PURCHASED IN CASUAL SALE. With respect to household goods, personal effects, or other tangible personal property purchased...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/40-29-22.htm - 17K - Match Info - Similar pages
27-60-2
committees as its bylaws may provide for the carrying out of its functions. 4. Corporate records of the commission. The commission shall maintain its corporate books and records in accordance with the bylaws. 5. Qualified immunity, defense, and indemnification. a. The members, officers, executive director, employees, and representatives of the commission shall be immune from suit and liability, either personally or in their official capacity, for any claim for damage to or loss of property or personal injury or other civil liability caused by or arising out of any actual or alleged act, error, or omission that occurred, or that the person against whom the claim is made had a reasonable basis for believing occurred within the scope of commission employment, duties, or responsibilities. Nothing in this paragraph shall be construed to protect any such person from suit or liability, or both, for any damage, loss, injury, or liability caused by the intentional or willful and wanton...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/27-60-2.htm - 45K - Match Info - Similar pages
8-38-7
Section 8-38-7 Notice of security breach - Consumer reporting agencies. If a covered entity discovers circumstances requiring notice under Section 8-38-5 of more than 1,000 individuals at a single time, the entity shall also notify, without unreasonable delay, all consumer reporting agencies that compile and maintain files on consumers on a nationwide basis, as defined in the Fair Credit Reporting Act, 15 U.S.C. §1681a, of the timing, distribution, and content of the notices. (Act 2018-396, §7.)...
alisondb.legislature.state.al.us/alison/CodeOfAlabama/1975/8-38-7.htm - 810 bytes - Match Info - Similar pages
|