In the event a third-party agent has experienced a breach of security in the system maintained by the agent, the agent shall notify the covered entity of the breach of security as expeditiously as possible and without unreasonable delay, but no later than 10 days following the determination of the breach of security or reason to believe the breach occurred. After receiving notice from a third-party agent, a covered entity shall provide notices required under Sections 8-38-5 and 8-38-6. A third-party agent, in cooperation with a covered entity, shall provide information in the possession of the third-party agent so that the covered entity can comply with its notice requirements. A covered entity may enter into a contractual agreement with a third-party agent whereby the third-party agent agrees to handle notifications required under this chapter.
Structure Code of Alabama
Title 8 - Commercial Law and Consumer Protection.
Chapter 38 - Data Breach Notification Act of 2018.
Section 8-38-3 - Reasonable Security Measures; Assessment.
Section 8-38-4 - Investigation of Security Breach.
Section 8-38-5 - Notice of Security Breach - Individuals Affected.
Section 8-38-6 - Notice of Security Breach - Attorney General.
Section 8-38-7 - Notice of Security Breach - Consumer Reporting Agencies.
Section 8-38-8 - Notice of Security Breach - Covered Entity.
Section 8-38-9 - Violations of Notification Requirements.
Section 8-38-10 - Disposal of Records Containing Sensitive Personally Identifying Information.