Can I ensure that my company is compliant with expanding privacy protections in Alabama? What are the requirements?

Ensuring Compliance with Expanding Privacy Protections in Alabama

To ensure compliance with expanding privacy protections in Alabama, companies must adhere to the requirements outlined in the Alabama Administrative Code (ALAC) Section 482-1-122. This section outlines the rules and regulations for the collection, use, and disclosure of nonpublic personal financial information by licensees.

Initial Privacy Notice

A licensee must provide a clear and conspicuous initial notice that accurately reflects its privacy policies and practices to both the customer and the consumer before disclosing any nonpublic personal financial information about the consumer to any nonaffiliated third party ^[1.3]. The initial notice must include the following information:

• The categories of nonpublic personal financial information that the licensee collects
• The categories of nonpublic personal financial information that the licensee discloses
• The categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information, other than those parties to whom the licensee discloses information under Sections 15 and 16
• The categories of nonpublic personal financial information about the licensee’s former customers that the licensee discloses and the categories of affiliates and nonaffiliated third parties to whom the licensee discloses nonpublic personal financial information about the licensee’s former customers, other than those parties to whom the licensee discloses information under Sections 15 and 16
• An explanation of the consumer’s right under Section 11A to opt out of the disclosure of nonpublic personal financial information to nonaffiliated third parties, including the methods by which the consumer may exercise that right at that time
• The licensee’s policies and practices with respect to protecting the confidentiality and security of nonpublic personal information ^[1.4]

Revised Privacy Notice

A licensee shall provide a revised notice before it discloses any new category of nonpublic personal financial information to any nonaffiliated third party, nonpublic personal financial information to a new category of nonaffiliated third party, or nonpublic personal financial information about a former customer to a nonaffiliated third party, if that former customer has not had the opportunity to exercise an opt-out right regarding that disclosure ^[1.1]. The revised notice must include the same information as the initial notice.

Opt-Out Notice

A licensee must provide a new opt-out notice to the consumer when providing a revised privacy notice ^[1.1].

Annual Privacy Notice

A licensee shall provide a clear and conspicuous notice to customers that accurately reflects its privacy policies and practices not less than annually during the continuation of the customer relationship ^[1.2]. The annual notice must include the same information as the initial notice.

Delivery

When a licensee is required to deliver an initial, revised, or annual privacy notice, the licensee shall deliver it according to Section 10 ^{[1.3][1.1][1.2]}.

Exceptions

A licensee is not required to provide an initial notice to a consumer if the licensee does not disclose any nonpublic personal financial information about the consumer to any nonaffiliated third party, other than as authorized by Sections 15 and 16, and the licensee does not have a customer relationship with the consumer ^[1.3].

Penalties

Failure to comply with the requirements outlined in ALAC Section 482-1-122 may result in penalties and fines ^[1.1].

Additional Requirements

If your company provides professional employer services in Alabama, you must register under ALCA 25-14-5 and file a completed registration form that includes information such as the name and address of the principal place of business, taxpayer or employer identification number, and financial statement ^[2.1].

Therefore, to ensure compliance with expanding privacy protections in Alabama, companies must provide initial, revised, and annual privacy notices, opt-out notices, and adhere to the delivery requirements outlined in ALAC Section 482-1-122. Additionally, if your company provides professional employer services in Alabama, you must register under ALCA 25-14-5.

Source(s):

• [1.1] Revised Privacy Notices
• [1.2] Annual Privacy Notice To Customers Required
• [1.3] Initial Privacy Notice To Consumers Required
• [1.4] Information To Be Included In Privacy Notices
• [2.1] Registration requirements; limited registration; reciprocity; fees.

Jurisdiction

Alabama

• Privacy