An entity subject to or regulated by state laws, rules, regulations, procedures, or guidance on data breach notification that are established or enforced by state government, and are at least as thorough as the notice requirements provided by this chapter, is exempt from this chapter so long as the entity does all of the following: (1) Maintains procedures pursuant to those laws, rules, regulations, procedures, or guidance. (2) Provides notice to affected individuals pursuant to the notice requirements of those laws, rules, regulations, procedures, or guidance. (3) Timely provides a copy of the notice to the Attorney General when the number of individuals the entity notified exceeds 1,000.
‹ Prev All Alabama sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.