By Brandon Moseley
Alabama Political Reporter
Thursday, Alabama Attorney General Steve Marshall praised the Alabama Senate for passage of Senate Bill 318, the Alabama Data Breach Notification Act, by a vote of 24-0.
The legislation was sponsored by Senator Arthur Orr, R-Decatur, requires that entities doing business in Alabama have to disclose to consumers if their personal data has been compromised in a data breach. Alabama is currently one of only two states without a data breach notification law, though legislation has been filed in previous legislative sessions.
“I want to thank the Alabama Senate, and Senator Orr in particular, for moving this bill forward and taking us one step closer to giving Alabama consumers the same protections as the citizens of 48 other states who already receive notifications when their sensitive personal information has been hacked,” Marshall said. “This is a big win for Alabama consumers and I look forward to working with the House to cross the finish line.”
Alabama and South Dakota are the only states in the nation that don’t currently require companies to report the theft of electronic consumer information.
“Equifax reported this week that 2.4 million Americans were affected by a breach last year of the company’s data,” Orr said. “Virtually all of our vital personal information – including Social Security numbers, military IDs, drivers’ licenses, bank account numbers, and medical data – is now online. With this bill, consumers will know if their information has been compromised and what steps a company is taking to recover and protect consumers’ data.”
If hackers steal sensitive personal information from a private company or a state agency, the Data Breach Notification Act requires the company or agency to notify the affected consumers within forty-five days of the breach’s discovery.
Should a breach affect more than 1,000 people, the company or agency must notify the state Attorney General’s Office, and if the breach concerns more than 500,000 people, the company or agency must post notices online, and in the newspapers, TV, and radio stations where the affected consumers live.
“I appreciate Attorney General Steve Marshall for partnering with me on this legislation. It is imperative we do everything we can to protect the privacy of Alabamians’ medical and financial information,” Orr said.
If a company or state agency fails to notify consumers of a data breach, the Attorney General’s office can assess fines of $5,000 per day and file a lawsuit on behalf of the affected individuals.
“This is a strong piece of pro-consumer legislation and we applaud the Senate’s action today,” Marshall said of the bill.
SB318 now goes to the Alabama House of Representatives for their consideration.
