Go to:

Alabama State Privacy Protection Rights

Alabama statewide privacy links:

Sponsored

Introduction to Alabama Privacy Rights

Alabama's approach to privacy protection reflects a blend of traditional Southern values regarding personal autonomy and a gradually evolving recognition of digital privacy concerns. Unlike comprehensive privacy legislation states such as California, Virginia, or Colorado, Alabama has not enacted a general consumer data privacy law. Instead, privacy protections in the Heart of Dixie are scattered across sector-specific statutes, common law precedents, and federal regulations that apply within state borders.

The Alabama Constitution provides limited explicit privacy protections compared to some state constitutions, though Alabama courts have recognized certain privacy rights through interpretation of existing constitutional provisions and common law principles. The state's privacy framework relies heavily on statutes addressing specific concerns: medical records confidentiality, financial information protection, data breach notification requirements, and limited restrictions on government surveillance.

When compared to other states, Alabama falls into the category of states with moderate privacy protections—more robust than states with virtually no data privacy legislation, but significantly behind privacy-forward states. Alabama enacted a data breach notification law in 2018, relatively late compared to California's pioneering 2003 statute. The state lacks comprehensive biometric privacy laws, robust consumer data rights legislation, and many of the employee privacy protections found in states like California, Illinois, or New York.

For Alabama residents concerned about privacy, understanding the patchwork of available protections is essential. While state law may not provide the comprehensive safeguards available elsewhere, Alabamians still have meaningful rights under federal law, specific state statutes, and through proactive privacy protection measures. This article provides a comprehensive guide to navigating privacy rights in Alabama, from accessing public records to protecting personal information from unauthorized disclosure.

Alabama's State Privacy Laws

Alabama's privacy legal framework consists of several sector-specific statutes rather than a comprehensive privacy law. Understanding these individual protections is crucial for Alabama residents seeking to safeguard their personal information.

Data Breach Notification Law

Alabama Code § 8-38-1 through § 8-38-12, enacted in 2018, establishes the state's data breach notification requirements. This statute requires entities that own or license sensitive personally identifying information about Alabama residents to provide notification following discovery of a breach of security. "Sensitive personally identifying information" includes a person's first name or first initial and last name in combination with Social Security number, driver's license number, financial account numbers, or payment card information.

The law requires notification "without unreasonable delay" and mandates that entities maintaining data on behalf of others must notify the data owner within ten business days of discovering the breach. Notification must be provided to affected individuals, and if more than 1,000 Alabama residents are affected, the Attorney General must also be notified. Businesses may be subject to penalties for violations, though Alabama's enforcement mechanisms are less stringent than those in many other states.

Financial Privacy Protections

Alabama Code § 5-19A-1 through § 5-19A-23 governs the Alabama Financial Privacy Act, which provides certain protections for customer financial records held by financial institutions. This statute generally requires financial institutions to notify customers when government agencies seek access to their financial records, with exceptions for certain law enforcement and regulatory purposes. The law aligns with federal financial privacy protections while providing additional state-level requirements.

Medical Records Privacy

Alabama Code § 22-21-440 addresses the confidentiality of hospital records, while § 34-26-2 protects physician-patient privilege. These statutes establish that medical records are confidential and may only be disclosed with patient consent or as specifically authorized by law. Alabama law provides stronger protections for mental health records under Alabama Code § 22-50-61, which strictly limits disclosure of mental health information and requires specific authorization for release.

Employee Privacy Rights

Alabama provides limited statutory employee privacy protections compared to many states. Alabama Code § 25-1-30 through § 25-1-39 addresses personnel records, requiring employers to permit employees to review their personnel files. However, Alabama is an employment-at-will state with minimal restrictions on employee monitoring, drug testing, or background checks beyond federal requirements. Alabama does not have comprehensive workplace privacy legislation restricting employer surveillance or monitoring of employee communications.

Genetic Information Privacy

Alabama Code § 27-53-1 prohibits health insurers from using genetic information to deny coverage or adjust premiums, providing some protection for genetic privacy. This statute works in conjunction with the federal Genetic Information Nondiscrimination Act (GINA) to create a framework protecting Alabamians from genetic discrimination.

Social Security Number Protection

Alabama Code § 41-13-90 restricts state agencies from publicly displaying Social Security numbers and requires redaction of Social Security numbers from public documents. However, this protection is more limited than comprehensive Social Security number protection laws in other states, and Alabama lacks prohibitions on private sector display of Social Security numbers found in states with more robust privacy legislation.

Freedom of Information / Open Records in Alabama

Alabama's public records law operates under the Alabama Open Records Act, codified in Alabama Code § 36-12-40, along with additional provisions scattered throughout Title 36. Alabama's approach to open government reflects a tension between transparency and privacy—public records are generally accessible, but numerous exemptions protect sensitive personal information.

What the Alabama Open Records Act Covers

The Alabama Open Records Act establishes that all state and local government records are public unless specifically exempted by law. "Records" broadly include documents, papers, letters, maps, books, photographs, sound recordings, data processing software, or other material regardless of physical form or characteristics. The Act applies to all state agencies, county and municipal governments, school boards, law enforcement agencies, and other public bodies.

Making an Open Records Request

Alabama law does not require requests to be in writing, though written requests are recommended for documentation purposes. Requests should be directed to the custodian of records for the specific agency holding the records. The request should reasonably describe the records sought with sufficient specificity to allow the agency to locate them. Alabama does not require requesters to provide identification or explain the purpose of their request.

Response Time Requirements

Alabama law does not specify a mandatory response timeframe, stating only that records should be provided within a "reasonable" time. What constitutes reasonable depends on the volume and complexity of the request. In practice, agencies typically respond within several business days for simple requests, but complex requests may take weeks. If an agency denies a request, the requester may seek judicial review through a petition for writ of mandamus in circuit court.

Fee Schedules

Alabama law permits agencies to charge "reasonable" copying costs. Many agencies charge $0.25 to $0.50 per page for standard copies. For electronic records, agencies may charge for the actual cost of duplication but cannot charge for staff time spent locating or reviewing records. However, Alabama Code § 36-12-41 allows agencies to charge for "extensive" clerical or supervisory assistance, though this provision is subject to interpretation and potential challenge.

Privacy Exemptions

Alabama law exempts numerous categories of records from disclosure to protect privacy, including:

Appeals Process

If an agency denies an open records request, the requester may file a petition for writ of mandamus in the circuit court of the county where the records are located. The court will review whether the agency properly applied exemptions. If the court finds the agency improperly withheld records, it may order disclosure. However, Alabama does not provide for attorney's fees or penalties against agencies that wrongfully withhold records, making enforcement more difficult than in states with stronger open records provisions.

HIPAA and Health Privacy in Alabama

The Health Insurance Portability and Accountability Act (HIPAA) establishes federal baseline protections for medical information that apply throughout Alabama. HIPAA's Privacy Rule governs how covered entities—healthcare providers, health plans, and healthcare clearinghouses—may use and disclose protected health information (PHI).

In Alabama, HIPAA compliance is enforced by the U.S. Department of Health and Human Services Office for Civil Rights. Healthcare providers must obtain patient authorization before disclosing PHI for purposes beyond treatment, payment, or healthcare operations. Patients have rights to access their medical records, request amendments, and receive an accounting of disclosures.

Alabama-Specific Health Privacy Protections

Alabama law provides additional health privacy protections beyond HIPAA's federal requirements. Alabama Code § 22-21-440 establishes that hospital records are confidential and may not be disclosed without patient consent except as specifically authorized by law. This statute applies to hospitals and may provide stronger protections than HIPAA in certain circumstances.

Mental health records receive heightened protection under Alabama Code § 22-50-61, which requires specific written authorization for disclosure of mental health treatment records. This protection applies to records maintained by mental health facilities and providers and includes strict requirements for what information may be disclosed even with authorization.

Alabama Code § 22-11A-38 protects the confidentiality of HIV test results, requiring written consent for disclosure with limited exceptions for healthcare providers involved in patient care, public health reporting, or court orders. This statute provides privacy protections specifically tailored to sensitive health information.

Protecting Your Medical Records

Alabama residents can take several steps to protect medical privacy. Request a copy of your healthcare provider's Notice of Privacy Practices to understand how your information may be used. Submit written requests to access your medical records—providers must respond within 30 days under HIPAA. If you believe your health information has been improperly disclosed, file a complaint with the Office for Civil Rights within 180 days of the alleged violation. Consider requesting restrictions on disclosures, though providers are not required to agree to all requested restrictions under HIPAA.

Consumer Data Privacy Rights in Alabama

Alabama lacks a comprehensive consumer data privacy law comparable to the California Consumer Privacy Act or similar legislation in Virginia, Colorado, Connecticut, and Utah. This means Alabama residents do not have state-law rights to access, delete, or opt out of the sale of personal data collected by businesses operating within the state. However, several federal laws and limited state protections provide some privacy rights for Alabama consumers.

Federal Privacy Rights Available to Alabama Residents

The Fair Credit Reporting Act (FCRA) provides Alabama residents with rights regarding information collected by consumer reporting agencies. Under FCRA, you have the right to obtain a free credit report annually from each of the three major credit bureaus through AnnualCreditReport.com. You may dispute inaccurate information, and reporting agencies must investigate disputes within 30 days. Negative information generally must be removed after seven years (ten years for bankruptcies).

The Telephone Consumer Protection Act (TCPA) restricts telemarketing calls and allows consumers to register phone numbers on the National Do Not Call Registry. Alabama residents can register at DoNotCall.gov to reduce unwanted telemarketing calls.

The Gramm-Leach-Bliley Act requires financial institutions to provide privacy notices explaining information sharing practices and allows consumers to opt out of certain information sharing with third parties.

Data Broker Opt-Out Rights

While Alabama does not regulate data brokers through state law, residents can still exercise opt-out rights directly with people-search and data broker websites. Major data brokers including Spokeo, Whitepages, BeenVerified, Intelius, and PeopleFinder provide opt-out mechanisms, though the process varies by company and typically requires individual requests to each broker.

The process generally involves locating your listing on the data broker site, finding the opt-out or privacy page (often in small print at the bottom of the website), submitting your information, and verifying the request through email confirmation. Many data brokers require you to provide the URL of your specific listing and verify your identity. Be prepared for the process to take several days to weeks, and understand that information may reappear as brokers acquire updated data from public records and other sources.

Alabama Data Breach Rights

Under Alabama Code § 8-38-1 et seq., if your personal information is compromised in a data breach, you have the right to receive notification from the entity that experienced the breach. This notification must include the date of the breach, types of information compromised, and contact information for the entity. If you receive breach notification, immediately monitor financial accounts, consider placing fraud alerts or credit freezes, and document all communications related to the breach.

Limited Sector-Specific Protections

Alabama Code § 8-19-11 provides limited protections against identity theft, making it a criminal offense to use another person's identifying information without authorization. While this is primarily a criminal statute, it reflects legislative recognition of privacy concerns and provides a basis for prosecution of those who misuse personal information.

Employment Background Checks & Privacy in Alabama

Alabama provides limited statutory restrictions on employment background checks beyond federal requirements. Employers in Alabama must comply with the Fair Credit Reporting Act when using third-party consumer reporting agencies to conduct background checks, but state law imposes few additional requirements.

What Employers Can Access

Alabama employers may access criminal records, credit reports (with proper FCRA authorization), driving records, education verification, employment history, and professional license verification. The Alabama Law Enforcement Agency (ALEA) maintains criminal history records that employers may access with the applicant's consent. Alabama courts provide public access to criminal case records unless specifically sealed or expunged.

Employers must obtain written authorization before procuring consumer reports under FCRA. If adverse action is taken based on a background check, employers must provide pre-adverse action notice including a copy of the report, allow time for the applicant to respond, and provide final adverse action notice with information about the reporting agency and the applicant's rights.

Ban-the-Box in Alabama

Alabama has not enacted statewide ban-the-box legislation prohibiting employers from inquiring about criminal history on initial employment applications. Some local jurisdictions have considered such measures, but as of 2024, Alabama employers generally may ask about criminal history at any stage of the hiring process. However, federal guidance and EEOC enforcement actions encourage employers to consider the nature of the offense, time elapsed, and relevance to the position before making hiring decisions based on criminal records.

Criminal Record Accessibility and Duration

Criminal convictions in Alabama are generally public record and remain accessible indefinitely unless expunged or sealed. Alabama Code § 15-27-1 through § 15-27-3 previously provided very limited expungement relief, primarily for cases dismissed, no-billed by grand juries, or resulting in acquittal. However, the Alabama Legislature has expanded expungement eligibility in recent years.

Under current law, certain felonies and misdemeanors may be expunged after waiting periods if specific conditions are met. Non-violent felonies may be eligible for expungement five years after sentence completion if no subsequent convictions occur. Misdemeanors and violations may be expunged after shorter waiting periods. Certain serious offenses including violent felonies, sex offenses, and crimes against children are generally not eligible for expungement.

Disputing Inaccurate Background Check Information

If a background check contains inaccurate information, Alabama residents should immediately contact the consumer reporting agency that prepared the report. Under FCRA, file a written dispute including documentation supporting your claim. The agency must investigate within 30 days and correct or delete inaccurate information. If the employer obtained information directly from courts or government agencies rather than through a consumer reporting agency, contact the source agency to correct records. For criminal record errors, contact the Alabama Law Enforcement Agency or the court where the case was handled to correct official records.

Protecting Yourself in Alabama: Practical Steps

Alabama residents concerned about privacy can take proactive steps to protect personal information, even without comprehensive state privacy legislation. The following practical guide provides actionable steps for enhancing personal privacy.

Step 1: Freeze Your Credit

Placing a credit freeze prevents identity thieves from opening new accounts in your name. Contact each of the three major credit bureaus: Equifax (800-349-9960 or equifax.com/personal/credit-report-services), Experian (888-397-3742 or experian.com/freeze), and TransUnion (888-909-8872 or transunion.com/credit-freeze). Credit freezes are free under federal law. You'll receive a PIN to lift the freeze when you need to apply for credit. Also freeze your report with Innovis, a smaller credit bureau, at innovis.com.

Step 2: Opt Out of Data Broker Sites

Systematically remove your information from major people-search sites. Start with these high-priority data brokers:

This process is time-consuming but significantly reduces your online exposure. Consider using privacy services like DeleteMe or PrivacyDuck that automate removal from multiple data brokers for a fee.

Step 3: Request Alabama Public Records About Yourself

Submit open records requests to Alabama agencies that maintain information about you. Request your driving record from the Alabama Law Enforcement Agency, Driver License Division (334-242-4400). Request any criminal history records through ALEA's Criminal Justice Information Services. Contact county circuit clerks for civil court records. Understanding what information is publicly available helps you identify what needs protection.

Step 4: Pursue Expungement if Eligible

If you have eligible offenses on your Alabama criminal record, petition for expungement under Alabama Code § 15-27-1 et seq. The process requires filing a petition in the circuit court where the conviction occurred, paying filing fees (typically $200-$300), and demonstrating eligibility. Consider consulting an attorney experienced in Alabama expungement law, as the process can be complex and denial may preclude refiling for a specified period. The Alabama State Bar Lawyer Referral Service (800-392-5660) can connect you with attorneys.

Step 5: Register for the National Do Not Call Registry

Register your phone numbers at DoNotCall.gov or call 888-382-1222 from the phone you wish to register. This reduces telemarketing calls, though it doesn't eliminate calls from political organizations, charities, or companies with which you have existing business relationships.

Step 6: Opt Out of Prescreened Credit Offers

Call 888-567-8688 or visit optoutprescreen.com to opt out of prescreened credit and insurance offers for five years or permanently. This reduces junk mail and prevents thieves from intercepting preapproved credit offers from your mailbox.

Step 7: Monitor Your Information Regularly

Check your credit reports annually at AnnualCreditReport.com. Search for yourself on major data broker sites quarterly to identify new listings. Set up Google Alerts for your name to monitor new online mentions. Review your social media privacy settings regularly and limit public sharing of personal information.

Step 8: Contact Alabama-Specific Resources

For identity theft or privacy violations, contact the Alabama Attorney General's Consumer Protection Division at 334-242-7334 or ago.alabama.gov. For HIPAA violations, file complaints with the U.S. Department of Health and Human Services Office for Civil Rights at hhs.gov/ocr. For credit reporting disputes, contact the Consumer Financial Protection Bureau at consumerfinance.gov or 855-411-2372.

Alabama Data Breach Notification Requirements

Alabama's data breach notification law, Alabama Code § 8-38-1 through § 8-38-12, establishes specific requirements for entities that experience security breaches involving Alabama residents' personal information.

Who Must Provide Notification

Any person or entity that conducts business in Alabama and owns or licenses sensitive personally identifying information about Alabama residents must provide notification following a breach. This includes businesses, government agencies, educational institutions, and nonprofit organizations. Third-party service providers that maintain data on behalf of others must notify the data owner within ten business days of discovering a breach.

What Triggers Notification Requirements

A breach requiring notification occurs when sensitive personally identifying information is acquired by an unauthorized person through a security breach. "Sensitive personally identifying information" includes an individual's first name or first initial and last name combined with: (1) Social Security number; (2) driver's license or state identification number; (3) financial account number, credit card number, or debit card number combined with security code or password; or (4) username or email combined with password or security question answer that would permit access to an online account.

Notification is not required if the covered entity determines through reasonable investigation that the breach will not likely result in harm to affected individuals. This determination must be documented.

Timing of Notification

Covered entities must provide notification "without unreasonable delay" following discovery of the breach or notification that a breach occurred. Alabama law does not specify an exact deadline, unlike states such as California (which requires notification without unreasonable delay) or Florida (which requires notification within 30 days). The absence of a specific timeframe creates uncertainty, though best practices suggest notification within 30-45 days of breach discovery.

Content and Method of Notification

Notification must include: (1) date or estimated date of the breach; (2) description of the categories of information compromised; (3) contact information for the covered entity; (4) contact information for major consumer reporting agencies if applicable; and (5) advice to individuals to remain vigilant by reviewing account statements and monitoring credit reports.

Notification may be provided by written notice, electronic notice if consistent with federal E-SIGN Act requirements, or telephone notice. If the cost of notification exceeds $500,000, the covered entity has more than 100,000 Alabama residents to notify, or the entity lacks sufficient contact information, substitute notice is permitted through email, conspicuous posting on the entity's website, and notification to major statewide media.

Attorney General Notification

If a breach affects more than 1,000 Alabama residents, the covered entity must notify the Alabama Attorney General's office. This notification should be provided consistent with the timing for individual notifications.

Penalties for Violations

Alabama's data breach notification law provides for enforcement by the Attorney General but does not specify statutory damages or create a private right of action for affected individuals. Violations may be prosecuted as deceptive trade practices under the Alabama Deceptive Trade Practices Act, which can result in civil penalties up to $2,000 per violation for non-willful violations and up to $5,000 per violation for knowing violations. The Attorney General may also seek injunctive relief. However, Alabama's enforcement mechanism is considerably weaker than states with robust data breach laws that include substantial statutory damages or private rights of action.

Children's Privacy in Alabama

Children's privacy in Alabama is primarily governed by federal law, as the state has not enacted comprehensive child-specific privacy legislation beyond federal requirements.

Children's Online Privacy Protection Act (COPPA)

COPPA, enforced by the Federal Trade Commission, applies throughout Alabama and requires websites and online services directed to children under 13 to obtain verifiable parental consent before collecting personal information from children. Operators must post privacy policies, provide notice to parents about information collection practices, and allow parents to review and delete their children's information. Alabama-based websites and services targeting children must comply with COPPA's requirements, including providing reasonable security for collected information.

Family Educational Rights and Privacy Act (FERPA)

FERPA protects the privacy of student education records at schools receiving federal funding throughout Alabama. Parents have rights to inspect and review their children's educational records, request corrections to inaccurate records, and control disclosure of personally identifiable information from education records. When students reach age 18 or attend postsecondary institutions, FERPA rights transfer to the student.

Alabama schools must provide annual notification of FERPA rights and obtain consent before disclosing education records except in specific circumstances such as school officials with legitimate educational interests, other schools to which students transfer, or in response to lawful subpoenas. Parents concerned about student privacy should review their school district's FERPA policies and directory information opt-out procedures.

Alabama Child-Specific Provisions

Alabama Code § 26-10A-31 protects the confidentiality of adoption records, including information about adopted children. These records are sealed and may only be accessed with court order or under specific statutory exceptions. Alabama Code § 12-15-133 protects the confidentiality of juvenile court records, limiting access to protect children's privacy. However, Alabama has not enacted comprehensive student data privacy legislation similar to laws in other states that restrict educational technology providers' use of student data.

Protecting Children's Privacy

Alabama parents should take proactive steps to protect children's online privacy. Review privacy settings on social media accounts, gaming platforms, and apps used by children. Discuss online privacy with children and establish family rules about sharing personal information online. Review schools' technology use policies and opt out of directory information disclosure if desired. Monitor children's online activities and teach digital literacy skills including recognizing privacy risks.

Frequently Asked Questions About Privacy Rights in Alabama

Does Alabama have a consumer data privacy law like California's CCPA?

No, Alabama has not enacted comprehensive consumer data privacy legislation comparable to the California Consumer Privacy Act (CCPA), Virginia Consumer Data Protection Act (VCDPA), or similar laws in Colorado, Connecticut, and Utah. Alabama residents do not have state-law rights to access, delete, or opt out of the sale of personal data collected by businesses. Privacy protections in Alabama come from sector-specific state laws (data breach notification, medical records confidentiality, financial privacy) and federal laws that apply in Alabama (FCRA, HIPAA, COPPA, GLBA). Alabama residents seeking to protect privacy must rely on federal rights, direct opt-out requests to data brokers, and proactive privacy protection measures.

How do I access my criminal record in Alabama?

Request your Alabama criminal history record from the Alabama Law Enforcement Agency (ALEA), Criminal Justice Information Services Division. Complete the Name-Based Record Check Request form available at alea.gov and submit with fingerprints (required for official records), identification, and the fee (typically $25-$35). You may also visit the ALEA headquarters at 301 South Ripley Street, Montgomery, AL 36104. For court records, contact the circuit clerk in the county where charges were filed. Alabama courts provide public access to criminal case information through individual county systems, though there is no statewide unified court records database accessible to the public online.

Can I expunge my criminal record in Alabama?

Alabama's expungement law, Alabama Code § 15-27-1 et seq., allows expungement of certain offenses after specified waiting periods. Charges that were dismissed, no-billed, or resulted in acquittal may be expunged immediately. Non-violent felonies may be expunged five years after completing all terms of the sentence if you have no subsequent convictions. Misdemeanors may be expunged after shorter waiting periods. Violent felonies, sex offenses, and crimes against children are generally not eligible for expungement. The process requires filing a petition in the circuit court where the conviction occurred, paying filing fees, and demonstrating eligibility. Consider consulting an attorney, as the process is complex and requirements vary based on the specific offense and circumstances.

How long does an Alabama agency have to respond to an open records request?

Alabama law requires agencies to provide public records within a "reasonable" time but does not specify a definite deadline in business days. What constitutes reasonable depends on factors including the volume of records requested, complexity of the search, and whether redactions are necessary. Simple requests typically receive responses within several business days to two weeks, while complex requests may take longer. If an agency does not respond within a reasonable time or denies your request, you may file a petition for writ of mandamus in circuit court to compel disclosure. Unlike states with strict statutory deadlines (such as Florida's requirement to respond within a reasonable time not to exceed a specific timeframe), Alabama provides agencies more discretion in determining response times.

What should I do if I receive a data breach notification in Alabama?

If you receive notification that your personal information was compromised in a data breach, take immediate action: (1) Review the notification carefully to understand what information was compromised; (2) Monitor financial accounts closely for unauthorized transactions; (3) Place fraud alerts with the three major credit bureaus (one call to any bureau requires it to notify the others); (4) Consider placing a credit freeze to prevent new accounts from being opened; (5) Change passwords for affected accounts and any accounts using the same password; (6) Review credit reports for unauthorized accounts or inquiries; (7) File an identity theft report with the FTC at IdentityTheft.gov if unauthorized activity occurs; (8) Keep all documentation related to the breach; (9) Monitor for phishing attempts that may follow breaches; and (10) If the breach was significant, consider credit monitoring services, which the breached entity may offer for free.

Can my employer monitor my communications in Alabama?

Alabama law provides limited restrictions on employer monitoring of employee communications. Alabama is an employment-at-will state without comprehensive workplace privacy legislation. Employers may generally monitor company-owned devices, email systems, and internet usage, particularly if they provide notice of monitoring policies. The federal Electronic Communications Privacy Act (ECPA) provides some protection, generally prohibiting interception of private communications, but includes a business use exception allowing employers to monitor communications on systems they provide. Best practices include: assume that communications on employer-provided devices and systems are monitored; review your employer's policies regarding monitoring and privacy; use personal devices for personal communications; understand that employers typically can access company email and communications even after employment ends. Alabama does not have statutes specifically restricting employer surveillance, drug testing policies, or off-duty conduct rules beyond federal requirements.

How do I remove my information from people-search websites?

Removing information from people-search and data broker sites requires submitting individual opt-out requests to each site. The process typically involves: (1) Searching for your listing on the specific site; (2) Copying the URL of your listing; (3) Locating the opt-out or privacy page (often linked at the bottom of the site); (4) Completing the opt-out form with required information; (5) Verifying your request through email confirmation; and (6) Waiting for removal, which typically takes several days to weeks. Major sites to prioritize include Spokeo, Whitepages, BeenVerified, Intelius, PeopleFinder, MyLife, and Radaris. Be aware that information may reappear as sites acquire updated data from public records. Consider using paid privacy services like DeleteMe or PrivacyDuck that automate removal from multiple brokers. Also address the source of publicly available information by limiting what you share on social media, opting out of directory listings, and using a P.O. box instead of home address for public registrations when possible.

Are my medical records protected in Alabama?

Yes, medical records in Alabama are protected by both federal HIPAA regulations and Alabama state law. HIPAA's Privacy Rule governs how healthcare providers, health plans, and healthcare clearinghouses use and disclose protected health information. Alabama Code § 22-21-440 provides additional state-level protection for hospital records, establishing confidentiality requirements. Mental health records receive heightened protection under Alabama Code § 22-50-61, which requires specific written authorization for disclosure. You have rights to access your medical records, request amendments to inaccurate information, and receive notice of privacy practices from healthcare providers. To protect medical privacy: request copies of privacy notices from providers; submit written authorization for any disclosures; review explanation of benefits statements for accuracy; request restrictions on disclosures when appropriate; and file complaints with the Office for Civil Rights at hhs.gov/ocr if you believe your privacy rights were violated. Alabama's state-level protections supplement federal HIPAA requirements and may provide stronger protections in certain

Last reviewed: Apr 2, 2026 Updated: Apr 2, 2026