Code of Maryland §14-3501 et seq
Enacted: 1.1.2008 - 1.1.2018 (Brand New Amendments Edition!)
Type of Data Covered: Computerized or electronic data.
Is Breach Defined?
Maryland's new amended statute includes the following definition in § 14-3504:
-
(a) "Breach of the security of a system" defined. -- In this section:
-
(1) "Breach of the security of a system" means the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the personal information maintained by a business; and
-
(2) "Breach of the security of a system" does not include the good faith acquisition of personal information by an employee or agent of a business for the purposes of the business, provided that the personal information is not used or subject to further unauthorized disclosure.
-
When is notice required?
As you would expect from a new statute, Maryland has perhaps the most clear and detailed statutory requirements in their data breach law, specifically §14-3504(b)-(k). Full statute is linked above but it is important to highlight that there is a 45 day reporting period unless some exception has been met. Notice is required for all residents affected by the breach and a copy must be given to the Attorney General's office and national credit agencies (if over 1,000 residents affected). Maryland also specifically asks for a description of the information that was lost, contact information for the business, a toll-free phone number to credit reporting agencies, the Federal Trade Commission and the AG's office, and finally a statement that these sources have information to help protect against identity theft.
What are the penalties for non-compliance?
Violations are one of the only segments of the statute that wasn't amended this year, §14-3508, which reads as follows:
-
A violation of this subtitle:
-
(1) Is an unfair or deceptive trade practice within the meaning of Title 13 of this article; and
-
(2) Is subject to the enforcement and penalty provisions contained in Title 13 of this article.
-