Internet Law & Cyber-Security


Filter By Topics: Topic

We're Sorry

No Results Found

We're Sorry

No Results Found



Alabama Law Increases Cybersecurity Requirements for Insurance Entities

By Kacey Jennings, Villanova University Charles Widger School of Law

New Alabama law, S.B. 54, requires entities licensed by the Alabama Department of Insurance to develop and implement cybersecurity programs, and subjects those companies to civil penalties for noncompliance. Companies must maintain written information security programs including an incident response plan, and they must notify the Commissioner of Insurance of cybersecurity incidents no later than three business days after the determination the incident occurred. Businesses that have fewer than twenty-five employees, gross less than $5 million annually, or can provide a statement proving they are HIPAA compliant are exempt from this new law. This law is significant because it protects nonpublic personal information that could be used to identify consumers. Businesses in Alabama should review their policies to ensure they are compliant with this heightened standard, which goes into effect May 1, 2020.

Oregon and California Enact “Internet of Things” Laws to Protect Consumer Data

Top Contributors

Login or Registration Required

You need to be logged in to complete that action.