Data Controller

SECTION 30-2-20. Privacy policies and procedures required of all state entities.

All state agencies, boards, commissions, institutions, departments, and other state entities, by whatever name known, must develop privacy policies and procedures to ensure that the collection of personal information pertaining to citizens of the State is limited to such personal information required by any such agency, board, commission, institution, department, or other state entity and necessary to fulfill a legitimate public purpose.

HISTORY: 2002 Act No. 225, Section 1.

SECTION 30-2-30. Definitions.

For purposes of this act, the following terms have the following meanings:

(1) "Personal information" means information that identifies or describes an individual including, but not limited to, an individual's photograph or digitized image, social security number, date of birth, driver's identification number, name, home address, home telephone number, medical or disability information, education level, financial status, bank account numbers, account or identification number issued by or used, or both, by any federal or state governmental agency or private financial institution, employment history, height, weight, race, other physical details, signature, biometric identifiers, and any credit records or reports.