Maryland Amends its Data Breach Notification Law

Combating Complacency: Getting the Most Out of Your Data Breach Response Plan

The security breach notification requirements in the Maryland Personal Information Protection Act (MPIPA), or House Bill 1154, have been amended.

Maryland Governor Larry Hogan approved of the changes made to MPIPA and the changes go into effect October 1, 2019.

The bill:

Requires businesses that own licenses or maintain computerized data that includes personal information of an individual residing in the State, to conduct investigations as soon as they discover or are notified of a breach of the security of a system.
Requires businesses to contact those affected by the security breach, no later than 45 days after the investigation is finalized.
Requires businesses to maintain records after three years of the incident.

HB 1154 prohibits owners and licensees of computerized data from using information relative to a breach of a security system for purposes other than:

providing notification of the breach
protecting or securing personal information.
providing notification to national information security organizations to alert and avert new or expanded breaches.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.