Can I ignore my obligations as a service provider with access to personal information in Alabama? What are the requirements?

Based on the additional context documents provided, as a service provider with access to personal information in Alabama, you cannot ignore your obligations. There are legal requirements that you must comply with.

Requirements for Wireless Communications Service Providers

If you are a wireless communications service provider in Alabama, you are required to provide call location information concerning the telecommunications device of a user to a law enforcement officer upon request in certain emergency situations ^[1.1]. However, a law enforcement officer shall not request information unless it is for the specific purpose of responding to a call for emergency services or in an emergency situation that involves the risk or threat of death or serious physical harm. Additionally, you may establish protocols by which the carrier voluntarily discloses call location information, and you are immune from civil and criminal liability if acting in a reasonable manner and pursuant to the law ^[1.1].

Requirements for Access to Proprietary Information

If you submit proprietary information to the Board, it shall not be open to the public for inspection, and shall only be disclosed to certain individuals, including Board members, members of the Board’s staff, legal counsel, and consultants and experts employed or engaged by the Board ^[4.1]. Prior to disclosure of any proprietary information, the individuals must execute and place on file with the Board a written acknowledgment that they have read and agree to be bound by the rules concerning proprietary information submitted to the Board ^[4.1].

Limits on Redisclosure and Reuse of Nonpublic Personal Financial Information

If you receive nonpublic personal financial information from a nonaffiliated financial institution under an exception, your disclosure and use of that information is limited. You may disclose the information to the affiliates of the financial institution from which you received the information, and you may disclose and use the information pursuant to an exception in the regulation, in the ordinary course of business to carry out the activity covered by the exception under which you received the information ^[3.4]. However, if you receive nonpublic personal financial information from a nonaffiliated financial institution other than under an exception, you may only disclose the information to certain individuals, including the affiliates of the financial institution from which you received the information, and any other person if the disclosure would be lawful if made directly to that person by the financial institution from which you received the information ^[3.4].

Oversee Service Provider Arrangements

As a licensee, you are required to exercise appropriate due diligence in selecting your service providers and require them to implement appropriate measures designed to meet the objectives of the regulation. You must also take appropriate steps to confirm that your service providers have satisfied these obligations ^[2.1].

Exception To Opt Out Requirements For Disclosure Of Nonpublic Personal Financial Information For Service Providers And Joint Marketing

The opt-out requirements do not apply when a licensee provides nonpublic personal financial information to a nonaffiliated third party to perform services for the licensee or functions on the licensee’s behalf, if the licensee provides the initial notice in accordance with Section 5 and enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information, including use under an exception in Sections 15 or 16 in the ordinary course of business to carry out those purposes ^[3.1].

Limits On Disclosure Of Nonpublic Personal Financial Information To Nonaffiliated Third Parties

A licensee may not, directly or through any affiliate, disclose any nonpublic personal financial information about a consumer to a nonaffiliated third party unless all of the following occur: (a) The licensee has provided to the consumer an initial notice as required under Section 5. (b) The licensee has provided to the consumer an opt-out notice as required in Section 8. (c) The licensee has given the consumer a reasonable opportunity, before it discloses the information to the nonaffiliated third party, to opt out of the disclosure. (d) The consumer does not opt out ^[3.5].

Based on the above requirements, you cannot ignore your obligations as a service provider with access to personal information in Alabama.

Source(s):

• [1.1] Wireless communications service provider to provide location information in certain emergency situations.
• [2.1] Oversee Service Provider Arrangements
• [3.1] Exception To Opt Out Requirements For Disclosure Of Nonpublic Personal Financial Information For Service Providers And Joint Marketing
• [4.1] Access To Proprietary Information
• [3.4] Limits On Redisclosure And Reuse Of Nonpublic Personal Financial Information
• [3.5] Limits On Disclosure Of Nonpublic Personal Financial Information To Nonaffiliated Third Parties

Jurisdiction

Alabama

• Privacy