Alabama recently became the 50th state to pass a data breach notification law.
By expressly defining what may constitute “reasonable” security measures, Alabama has provided a “roadmap” for entities subject to the law. At the same time, Alabama has arguably set a higher standard and burden for those entities. Those businesses that collect and store the information of Alabama residents must evaluate their security programs in order to protect “sensitive personally identifiable information” and ensure compliance with the law and endeavor to prevent the breach of that information. |