To help our clients keep up with regulatory changes, Experian Health will provide quarterly legislation updates:
Q1 2018 updates
North Carolina Data Breach Legislation
In North Carolina, legislation has been proposed that would require notice to be made within 15 calendar days of discovery of a data breach. If passed, North Carolina will have one of the most onerous breach notification laws in the country. For comparison, California’s notice requirement is 15 business days. North Carolina’s current statute requires notice without “unreasonable delay.”
Alabama Data Breach Legislation
On March 21, South Dakota’s data breach notification bill was signed into law, leaving Alabama as the only state without a data breach notification law. However, Alabama is working to change that. On March 1, the Alabama Senate unanimously voted to pass the bill containing the Alabama Data Breach Notification Act, sending it on to the Alabama House. (The House subsequently amended it and returned it to the Senate for concurrence.) The Act would require notification of affected individuals within 45 days of determination that (a) a breach has occurred and (b) the breach is reasonably likely to cause substantial harm. There would be no private right of action, but the Alabama Attorney General would be able to impose fines of up to $5,000 per day on companies that fail to notify.