data breach notification law

The Cabinet in Ottawa quietly proclaimed on March 26, 2018 that the official implementation date for Canada’s much-needed and long-awaited mandatory data breach notification laws will be November 1, 2018.  Oddly enough, the regulations regarding notification have not yet been finalized.   Continue Reading Canada’s Data Breach Notification Law Goes Into Effect November 1, 2018

On March 28, Alabama’s governor signed into law a data breach notification law.  It is the last state in the country to do so, closely trailing South Dakota.   Fifteen years ago, California was the first state to enact a data breach notification law.  The Alabama law applies to electronically stored “sensitive personally identifying information.”  Such information involves a name plus at least one of the following:  SSN, government issued identification number, financial account number, medical information, health insurance policy or identification, or email address and password that would permit access to an account containing any sensitive personally identifying information.  Generally, notification to residents affected by a breach must be made within 45 days, although there are some exceptions.  The law takes effect on May 1.