Ask Reggi Your Question Now
Can you summarize 8 ALCA Chapter 38?
COMMERCIAL LAW AND CONSUMER PROTECTION. > Data Breach Notification Act of 2018.
Short Summary
The Data Breach Notification Act of 2018 applies to covered entities that are not third-party agents. It requires covered entities to give notice of a security breach to individuals if sensitive personally identifying information has been acquired by an unauthorized person and is reasonably likely to cause substantial harm. The notice should be provided as expeditiously as possible, within 45 days of the covered entity’s receipt of notice from a third-party agent or upon the covered entity’s determination of a breach. However, notice may be delayed if it would interfere with a criminal investigation or national security. The notice should include the date or estimated date range of the breach, a description of the acquired information, actions taken to restore security, steps individuals can take to protect themselves, and contact information for the covered entity. Substitute notice may be provided if direct notice is not feasible due to excessive cost, lack of contact information, or a large number of affected individuals. The covered entity must document the determination if it determines that notice is not required. The document does not specify penalties for non-compliance or violations.
Whom does it apply to?
The act applies to covered entities that are not third-party agents.
What does it govern?
The Data Breach Notification Act of 2018 governs the obligations of covered entities in the event of a security breach.
What are exemptions?
Entities subject to or regulated by state or federal laws, rules, regulations, procedures, or guidance on data breach notification are exempt from this act if they maintain procedures and provide notice as required by those laws.
What are the Penalties?
The document does not specify penalties for non-compliance or violations.
Jurisdiction
Alabama