Alabama Data Privacy Law

Alabama Data Privacy Law

Alabama has not yet proposed a comprehensive Alabama consumer privacy act or an Alabama Online Privacy Act.

On the debating table now is a narrower Alabama data privacy law named SB59, also referred to as The Personal Privacy Protection Act. The bill aims to protect the privacy of members, supporters, volunteers, or donors of a nonprofit organization.

It is important to note that under existing law, a public agency is not prohibited from disclosing certain personal information that identifies a person as a member, supporter, volunteer, or donor of a 501(c) nonprofit organization.

The bill would prohibit a public agency from disclosing personal information or requiring its disclosure, except as required by law. In addition, the bill would provide for civil and criminal penalties for violations.

Interestingly, Alabama’s constitution prohibits a general law whose purpose or effect would be to require a new or increased expenditure of local funds from becoming effective with regard to a local governmental entity without enactment by a ⅔ vote unless

  • it comes within one of a number of specified exceptions
  • it is approved by the affected entity
  • the Legislature appropriates funds, or provides a local source of revenue, to the entity for the purpose.

In reality, this bill would require a new or increased expenditure of local funds within the meaning of the amendment. However, the bill does not require approval of a local governmental entity or enactment by a 2/3 vote to become effective because the bill defines a new crime or

amends the definition of an existing crime, as explained in the state constitution.

SB 59 relates to the disclosure of certain personal information and is titled The Personal

Privacy Protection Act. Let’s run through the contents of the bill.

Definition of Terms

Nonprofit Organization

An entity that is exempt from federal income tax under Section 501(c) of the IRS or is a nonprofit business entity recognized under state law.

Personal Information

Any list, record, register, registry, roll, roster, or other compilation of data of any kind that directly or indirectly identifies a person as a member, supporter, volunteer, or donor of financial or nonfinancial support to any nonprofit organization.

Public Agency

Any department, agency, office, commission, board, division, or other entity of this state, or

of any political subdivision of this state.

Requirements for Public Agencies

A public agency shall not do any of the following:

  • Require any person or nonprofit organization to provide the public agency with personal information or otherwise compel the release of personal information.
  • Release, publicize, or otherwise publicly disclose personal information in its possession.
  • Request or require a current or prospective contractor or grantee of the public agency to provide a list of nonprofit organizations to which the current or prospective contractor or grantee has provided financial or nonfinancial support.


  • Any report or disclosure required by The Fair Campaign Practices Act, Chapter 5 of Title 17, Code of Alabama 1975, or any successor provisions thereto.
  • Any lawful warrant for personal information issued by a court of competent jurisdiction.
  • Any lawful request for discovery of personal information in litigation if all written conditions are met.
  • Admission of personal information as relevant evidence before a court of competent jurisdiction; however, no court shall publicly reveal personal information absent a specific finding of good cause.
  • A release of personal information by any public agency if the information had previously been voluntarily released to the public either by the person to which it pertains or by a nonprofit organization to which the person is a donor.
  • The keeping of filings, certificates, and other public records that disclose the identity of any director, officer, registered agent, or incorporator of a nonprofit organization in any report or disclosure required by law to be filed with the Secretary of State, except that information that directly identifies a person as a donor of financial support to a nonprofit organization, shall not be collected or disclosed.
  • Disclosure of personal information derived from a donation to a nonprofit organization affiliated with a public agency as required by law, if the person has not previously requested anonymity from the nonprofit organization.


This act, if passed, will become effective on the first day of the third month following its passage and approval by the Governor, or its otherwise becoming law.

Sign up for our Data Privacy Tracker with monthly updates on the latest news and developments

Skip to content