A covered entity or third-party agent shall take reasonable measures to dispose, or arrange for the disposal, of records containing sensitive personally identifying information within its custody or control when the records are no longer to be retained pursuant to applicable law, regulations, or business needs. Disposal shall include shredding, erasing, or otherwise modifying the personal information in the records to make it unreadable or undecipherable through any reasonable means consistent with industry standards.
Structure Code of Alabama
Title 8 - Commercial Law and Consumer Protection.
Chapter 38 - Data Breach Notification Act of 2018.
Section 8-38-3 - Reasonable Security Measures; Assessment.
Section 8-38-4 - Investigation of Security Breach.
Section 8-38-5 - Notice of Security Breach - Individuals Affected.
Section 8-38-6 - Notice of Security Breach - Attorney General.
Section 8-38-7 - Notice of Security Breach - Consumer Reporting Agencies.
Section 8-38-8 - Notice of Security Breach - Covered Entity.
Section 8-38-9 - Violations of Notification Requirements.
Section 8-38-10 - Disposal of Records Containing Sensitive Personally Identifying Information.