Alaska stands apart from most states in one critical way: it is one of the few states in the nation that explicitly guarantees a right to privacy in its constitution. Yet despite this strong constitutional foundation, Alaska has not yet enacted a comprehensive consumer data privacy law. Here is what Alaska residents need to know about their current privacy protections, the legislation working its way through the state capitol, and how to protect their personal data in the meantime.
Alaska's Constitutional Right to Privacy
Article I, Section 22 of the Alaska Constitution states: "The right of the people to privacy is recognized and shall not be infringed. The legislature shall implement this section."
Added by amendment in 1972, this provision makes Alaska one of roughly ten states with an explicit constitutional privacy guarantee. The Alaska Supreme Court has interpreted this right broadly, recognizing two distinct components:
- Personal autonomy: The right to make personal decisions about one's own life without government interference, including decisions about reproductive health, personal conduct in the home, and other matters of individual liberty.
- Informational privacy: The right to control the disclosure of personal information and to shield private details from public exposure.
This constitutional right primarily restricts government action rather than private businesses. It means the state of Alaska faces a higher bar than many other states when it comes to collecting, using, or disclosing residents' personal information. However, it does not directly regulate how private companies handle consumer data — which is why statutory protections matter.
The Alaska Personal Information Protection Act (APIPA)
The cornerstone of Alaska's current data privacy framework is the Alaska Personal Information Protection Act, codified at AS 45.48.010 through 45.48.090. APIPA governs how businesses must respond when personal information is compromised in a data breach.
Who Is Covered
APIPA applies to any person or entity that owns or licenses personal information about Alaska residents. This includes businesses operating in Alaska, out-of-state companies that hold data on Alaska residents, and government agencies handling personal records.
What Counts as Personal Information
Under APIPA, personal information is defined as a resident's name in combination with one or more of the following:
- Social Security number
- Driver's license or state identification number
- Account number, credit card number, or debit card number combined with any required security code, access code, or password that would permit access to a financial account
Breach Notification Requirements
If a covered entity discovers a breach of security involving personal information, it must:
- Notify affected residents in the most expeditious time possible and without unreasonable delay
- Include specific content in the notification: the date or estimated date range of the breach, a description of the compromised information, contact information for the breached entity, and steps individuals can take to protect themselves
- Notify credit reporting agencies if more than 1,000 Alaska residents are affected, including timing and content details of the consumer notices sent to all three nationwide consumer credit reporting agencies
Notification may be delayed only if law enforcement determines it would interfere with a criminal investigation.
What to Do If You Receive a Breach Notice
If a company notifies you that your data was compromised, take immediate action: freeze your credit with Equifax, Experian, and TransUnion; change passwords on all affected accounts; enable two-factor authentication everywhere possible; and monitor your financial statements closely for unauthorized activity. Consider enrolling in a monitoring service like PrivacyOn that includes dark web surveillance to alert you if your information appears in breach databases.
Penalties for Non-Compliance
Failure to provide the required breach notification is treated as an unfair or deceptive act or practice under Alaska's consumer protection statute (AS 45.50). The Alaska Attorney General can pursue enforcement actions, and affected consumers may have access to civil remedies under the state's unfair trade practices law.
Insurance Data Security Act (SB 134)
In 2024, Alaska enacted SB 134, establishing insurance data security requirements under AS 21.23. This law specifically targets the insurance industry and is modeled on the National Association of Insurance Commissioners' Insurance Data Security Model Law.
Key provisions include:
- Licensed insurers must develop and maintain a comprehensive written information security program
- Insurers must conduct risk assessments and implement security measures proportionate to the risks identified
- Cybersecurity events must be reported to the Director of Insurance within 72 hours
- Third-party service providers handling insurer data must meet minimum security standards
The law is being implemented on a staggered schedule, with provisions taking effect on January 1, 2025, January 1, 2026, and January 1, 2027.
Pending Legislation: The Consumer Data Privacy Act
Alaska has been working toward comprehensive consumer data privacy legislation. The most recent effort is HB 367, the Consumer Data Privacy Act, introduced during the 34th Legislature (2025-2026) and currently under consideration in the House Judiciary Committee.
Earlier versions of this legislation — HB 159 and SB 116, introduced during the 32nd Legislature — proposed some of the strongest consumer privacy rights in the nation. The legislation as proposed would grant Alaska residents:
- Right to know: The right to be informed when businesses collect personal information about them
- Right to disclosure: The right to learn what specific information a business has collected over the preceding five years and whether that information has been sold or shared with third parties
- Right to delete: The right to request that businesses delete personal information collected within the last five years
- Right to opt out: The right to prevent businesses from selling their personal information to third parties
Notably, the proposed five-year lookback period for disclosure and deletion rights would exceed the protections offered by California's CCPA, which uses a 12-month lookback. The legislation would also create a data broker registry, requiring companies that buy and sell consumer data to register with the state.
No Comprehensive Privacy Law Yet
As of May 2026, Alaska has not enacted comprehensive consumer data privacy legislation. HB 367 remains in committee. Until a law passes, Alaska residents do not have statutory rights to access, correct, or delete personal data held by private businesses, nor can they opt out of data sales under state law. Federal protections like the Fair Credit Reporting Act provide some baseline rights, but they are limited in scope compared to state privacy laws in California, Colorado, Texas, and other states that have enacted comprehensive legislation.
Other Privacy-Related Alaska Statutes
Beyond APIPA and the insurance security law, several other Alaska statutes touch on privacy:
- Identity theft (AS 11.46.565): Alaska criminalizes the use of another person's identification with intent to commit fraud, classifying it as a felony offense
- Eavesdropping and wiretapping (AS 42.20.300): Alaska is a one-party consent state for recording conversations, meaning one participant in a conversation may record it without the other party's knowledge
- Student privacy: Alaska follows federal FERPA protections for educational records and has additional state-level requirements for how schools handle student data
- Health information: Alaska healthcare providers are subject to federal HIPAA requirements, and Alaska law provides additional protections for certain categories of sensitive health information
How Alaska Compares to Other States
Alaska's privacy landscape is a study in contrasts. Its constitutional privacy guarantee is among the strongest in the nation, yet the absence of comprehensive consumer data privacy legislation places Alaska behind states like California, Colorado, Connecticut, Virginia, Oregon, Montana, and Texas, all of which have passed comprehensive privacy statutes. Alaska's neighbors — particularly Washington and Oregon — have also moved ahead. If HB 367 passes, Alaska would join this group and potentially offer protections that exceed some existing state laws thanks to its proposed five-year lookback period.
Protecting Your Privacy as an Alaska Resident
While you wait for Alaska's legislature to act, you can take concrete steps to protect your personal information right now:
- Freeze your credit with all three major bureaus to prevent identity thieves from opening accounts in your name
- Opt out of data brokers that publish your personal information — people-search sites like Spokeo, Whitepages, BeenVerified, and dozens of others likely have profiles on you right now
- Use strong, unique passwords and enable two-factor authentication on every account that supports it
- Review privacy settings on social media platforms and limit what information is publicly visible
- Monitor for breaches — given APIPA's lack of a specific notification deadline, you may not hear about a breach quickly
Opting out of data brokers individually is time-consuming and requires ongoing effort, since brokers regularly re-acquire data from public records and third-party sources. PrivacyOn automates this process by continuously monitoring over 100 data broker sites, submitting removal requests on your behalf, and verifying that your information stays removed. With family plans covering up to 5 members, dark web monitoring, and 24/7 surveillance starting at $8.33 per month, PrivacyOn provides the kind of proactive, ongoing privacy protection that Alaska law does not yet require businesses to give you — but that your constitutional right to privacy suggests you deserve.