PhysicalSectorsSecurity NewswireAccess ManagementGovernment: Federal, State and Local

Maryland Amends its Data Breach Notification Law

Combating Complacency: Getting the Most Out of Your Data Breach Response Plan
June 6, 2019

The security breach notification requirements in the Maryland Personal Information Protection Act (MPIPA), or House Bill 1154, have been amended

Maryland Governor Larry Hogan approved of the changes made to MPIPA and the changes go into effect October 1, 2019. 

The bill:

  • Requires businesses that own licenses or maintain computerized data that includes personal information of an individual residing in the State, to conduct investigations as soon as they discover or are notified of a breach of the security of a system. 
  • Requires businesses to contact those affected by the security breach, no later than 45 days after the investigation is finalized. 
  • Requires businesses to maintain records after three years of the incident. 

HB 1154 prohibits owners and licensees of computerized data from using information relative to a breach of a security system for purposes other than: 

  1. providing notification of the breach
  2. protecting or securing personal information.
  3. providing notification to national information security organizations to alert and avert new or expanded breaches.

 

 

KEYWORDS: data breach information protection notification security breach

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Related Articles

Related Products

See More ProductsSee More Products

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!