The Legal Framework for Data Protection in Alaska

January 04, 2022 | 4 minutes read
The Legal Framework for Data Protection in Alaska

The Alaska Personal Information Protection Act is a data privacy law that was passed in the U.S. state of Alaska in 2009. While the Alaska Personal Information Protection Act is not a comprehensive data protection law such as the Virginia Consumer Data Protection Act or the California Privacy Rights Act, the law does govern the collection and processing of certain categories of personal information. As such, the Alaska Personal Information Protection Act represents one of the foremost ways in which certain categories of personal data are legally protected at a state level within Alaska. Moreover, the law also establishes the sanctions and penalties that individuals, businesses, and organizations operating within the state of Alaska stand to face should they violate the various provisions of the law.

What are the provisions of the Alaska Personal Information Protection Act?

One of the primary provisions of the Alaska Personal Information Protection Act is Sec. 45.48.010 – .090, which pertains to data breach security. Under Sec. 45.48.010 – .090, a data breach is defined as “an unauthorized acquisition (or the reasonable belief of such) that compromises the security, integrity, or confidentiality of covered information. This excludes some good-faith acquisitions by employees or agents and applies to businesses with more than 10 employees or any person doing business with another entity who owns, licenses, or maintains covered information.” Under Sec. 45.48.010 – .090, businesses and organizations that operate within the state of Alaska are required to provide citizens with data breach notifications in the event that their personal information is compromised through such an incident.

These notifications must be provided to consumers in written form and contain information detailing the categories of personal data that were disclosed in the data breach, among other specifics. Furthermore, in instances where more than 1,000 Alaskan residents are notified as a result of a data breach, the entity that experienced the breach is also responsible for notifying all consumer credit reporting agencies within the U.S., without undue delay. To this end, the following types of personal information are covered under Sec. 45.48.010 – .090 of the Alaska Personal Information Protection Act:

Sec. 45.48.600 – .690- Factual Declaration of Innocence After Identity Theft; Right to File Police Report

Sec. 45.48.600 – .690 of the Alaska Personal Information Protection Act pertains to identity theft. Under this provision of the law, victims of identity theft within the state are entitled to “petition the Alaska Superior Court for a declaration that the individual is factually innocent of the crime if the perpetrator was arrested, cited, or convicted of the crime. The court has broad discretion to make a determination based on declarations, affidavits, or other relevant material. This section also allows the Department of Law to establish and maintain a database of individuals who have been the victims of identity theft and who have been declared innocent of the crime.” What’s more, Sec. 45.48.600 – .690 also contains a provision that allows Alaskan residents to file a police report with local law enforcement authorities in instances where they have learned or have reason to believe that they have been the victim of identity theft, irrespective of the jurisdiction in which the alleged or suspected actions took place.

Sec. 45.48.500 – .590 – Disposal of Records

Sec. 45.48.500 – .590 of the Alaska Personal Information Protection Act covers the disposal of organizational and government records with the state. Under Sec. 45.48.500 – .590, businesses and government agencies within Alaska are required to develop and maintain reasonable security measures for the purposes of preventing the “unauthorized access to, or use of records” when disposing of records containing personal information. In order to comply with this requirement, said entities must implement policies and procedures that require the destruction of personal information after the purposes for which said information has been used have been fulfilled.

Alternatively, businesses and organizations within the state can also outsource this duty to a third party, as the law states that “a business or government agency is not liable for the disposal after relinquishing control of the records to a third party that is in the business of record destruction.” In terms of the enforcement of the law, businesses and organizations that violate Sec. 45.48.500 – .590, along with any of the other various provisions established by the Alaska Personal Information Protection Act, are subject to “a $3,000 penalty plus actual economic damages, court costs, and full reasonable attorneys fees.”

While the Alaska Personal Information Protection Act does not provide Alaskan citizens with comprehensive personal data protection, the law does provide said citizens with the means to seek justice and compensation in the event that certain categories of personal information concerning them are improperly disclosed or accessed. In addition to provisions regarding data breaches, identity theft, and personal records, the law also contains sections that cover credit reporting matters, the truncation of debit and credit information, and the protection of social security numbers. As such, Alaskan citizens can rest assured that these forms of personal data and information are protected under the law of their state.

Related Reads

Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Sensitive Information, Protected: Patient Privacy, HIPAA, And You
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
Protecting Privacy in the Healthcare Field: PII, PHI & PCI
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
FISA Section 702, Is The US Government Monitoring You?
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
The Gap You Won’t Want to Close: Air-Gapped Systems
June 05, 2023 | 6 minutes read
The Gap You Won’t Want to Close: Air-Gapped Systems

An air-gapped system is a computer, or network that is physically isolated from any external connections and networks which includes the Internet. It operates in total isolation with neither wired nor wireless connections to other devices.

Learn More »
Using Redaction for Privacy Maintenance as An Investigator
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »