State House passes data breach protections for consumers

Email data security breach

Before Thursday, Alabama was one of only two states in the nation that did not require a data breach notification.

SB318, or the Data Breach Notification Act, passed through the Alabama house with a unanimous 101-0 vote Thursday evening.

The bill requires all companies doing business in the state to notify their customers if their personal information has been compromised.

“Virtually all of our vital personal information –  including Social Security numbers, military IDs, drivers’ licenses, bank account numbers, and medical data – is now online,” said the bill’s sponsor Decatur-Republican state Sen. Arthur Orr. “With this bill, consumers will know if their information has been compromised and what steps a company is taking to recover and protect consumers’ data.”

“Tonight, the Alabama House took action to arm Alabama consumers in the event that their personal information is compromised in a data breach,” added state Attorney General Steve Marshall. “Passage of the Alabama Data Breach Notification Act has been a high priority for my office. It is all the more important now, as yesterday the only other state in the country without such a consumer-protection law – South Dakota – enacted a data breach notification law, leaving Alabama alone.”

Marshall congratulated Orr and Huntsville-Republican state Rep. Phil Williams, who advanced the bill through the House.

“I appreciate the hard work of  Williams and Orr in moving the data breach notification bill a step closer toward final passage,” said Marshall.

The Alabama Senate passed SB318 by a vote of 24 to 0 earlier in March, the bill now returns to the Senate for a vote on whether to concur with the House changes.