FYI: Data & Document Security Ramps Up in Alabama June 2018

On June 1, 2018, the state of Alabama will join the other 49 U.S. states to require data breach notification.

In cooperation with the Alabama Retail Association and Alabama Attorney General Steve Marshall, Sen. Arthur Orr (R-Decatur) and Rep. Phil Williams (R-Huntsville) proposed the Alabama Data Breach Notification Act of 2018, and the Alabama Legislature approved the legislation on March 27. Governor Kay Ivey signed it into law on March 28, 2018.

Protecting Alabama’s Consumers

The law goes into effect on June 1, 2018, and requires public and private entities to not only establish “reasonable data security measures,” but to also notify individuals whose personal data has been compromised in such a way that may cause harm, within no more than 45 days after the breach has been discovered. It also includes a data disposal provision that requires all sensitive information be destroyed when no longer needed.

If more than 1,000 consumers are affected by a breach, the attorney general and consumer credit-reporting agencies must be alerted. Should these notification requirements be “willfully or recklessly disregarded,” fines and penalties could total as much as $500,000!

This legislation applies to Alabama retailers, financial services, health care industries and governmental entities. According to a 2017 report published by the National Retail Federation (NRF), breaches are known to occur throughout a wide range of industries:

  • 24.3% Financial Services
  • 15.3% Healthcare
  • 12.4% Government
  • 10.4% Accommodations (incl. hotels & restaurants)
  • 6.4% Manufacturing
  • 5.8% Information Services (incl. cable and telecom)
  • 5.6% Professional
  • 4.8% Retail
  • 3.5% Unknown
  • 11.5% All Other Industries (combined)

Do Your Part to Increase Document Security

To reduce your risk of data and document security breaches, consider following these safety tips:

  1. Provide regular training for your staff regarding secure information handling and destruction.
  2. Require the use of locked consoles for document disposal.
  3. Avoid in-house shredding efforts. Partner with a professional shredding service to destroy any document that may contain sensitive or proprietary information.
  4. Assign a management-level employee to oversee document security efforts.
  5. Rather than depending on simply wiping or degaussing electronic data and media, always take the next step of having it crushed by a professional shredding service.
  6. Remain aware of legal document security requirements, compliance, and practices applicable in your state and location.

Ensure Your Document Security and Destruction

To learn more about how you can ensure your company is abiding by this new legislation, to download the FREE Secure Destruction app, or to request a FREE QUOTE for data, document and hard drive destruction, contact Secure Destruction today!