On March 28, 2018, Alabama's governor signed S.B. 318, making Alabama the final state to enact a data breach notification law. The law governs data breach notification requirements for entities acquiring or using sensitive personally identifying information of an Alabama resident. The bill requires notification to affected customers in the event of a breach within 45 days of the entity determining that a breach occurred. The law also provides that covered entities and their agents must implement and maintain reasonable security measures to protect sensitive personally identifying information.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.