An entity subject to or regulated by state laws, rules, regulations, procedures, or guidance on data breach notification that are established or enforced by state government, and are at least as thorough as the notice requirements provided by this chapter, is exempt from this chapter so long as the entity does all of the following:
(1) Maintains procedures pursuant to those laws, rules, regulations, procedures, or guidance.
(2) Provides notice to affected individuals pursuant to the notice requirements of those laws, rules, regulations, procedures, or guidance.
(3) Timely provides a copy of the notice to the Attorney General when the number of individuals the entity notified exceeds 1,000.
Structure Code of Alabama
Title 8 - Commercial Law and Consumer Protection.
Chapter 38 - Data Breach Notification Act of 2018.
Section 8-38-3 - Reasonable Security Measures; Assessment.
Section 8-38-4 - Investigation of Security Breach.
Section 8-38-5 - Notice of Security Breach - Individuals Affected.
Section 8-38-6 - Notice of Security Breach - Attorney General.
Section 8-38-7 - Notice of Security Breach - Consumer Reporting Agencies.
Section 8-38-8 - Notice of Security Breach - Covered Entity.
Section 8-38-9 - Violations of Notification Requirements.
Section 8-38-10 - Disposal of Records Containing Sensitive Personally Identifying Information.