Ch. 531
Martin O'Malley, Governor
(2) THE NATURE AND SIZE OF THE BUSINESS AND ITS
OPERATIONS;
(3) THE COSTS AND BENEFITS OF DIFFERENT DESTRUCTION
METHODS; AND
(4) AVAILABLE TECHNOLOGY.
14-3503.
(A) TO PROTECT PERSONAL INFORMATION FROM UNAUTHORIZED
ACCESS, USE, MODIFICATION, OR DISCLOSURE, A BUSINESS THAT OWNS OR
LICENSES PERSONAL INFORMATION OF AN INDIVIDUAL RESIDING IN THE STATE
SHALL IMPLEMENT AND MAINTAIN REASONABLE SECURITY PROCEDURES AND
PRACTICES THAT ARE APPROPRIATE TO THE NATURE OF THE PERSONAL
INFORMATION OWNED OR LICENSED AND THE NATURE AND SIZE OF THE
BUSINESS AND ITS OPERATIONS.
(B) (1) A BUSINESS THAT USES A NONAFFILIATED THIRD PARTY AS A
SERVICE PROVIDER TO PERFORM SERVICES FOR THE BUSINESS AND DISCLOSES
PERSONAL INFORMATION ABOUT AN INDIVIDUAL RESIDING IN THE STATE
UNDER A WRITTEN CONTRACT WITH THE THIRD PARTY SHALL REQUIRE BY
CONTRACT THAT THE THIRD PARTY IMPLEMENT AND MAINTAIN REASONABLE
SECURITY PROCEDURES AND PRACTICES THAT:
(I) ARE APPROPRIATE TO THE NATURE OF THE PERSONAL
INFORMATION DISCLOSED TO THE NONAFFILIATED THIRD PARTY; AND
(II) ARE REASONABLY DESIGNED TO HELP PROTECT THE
PERSONAL INFORMATION FROM UNAUTHORIZED ACCESS, USE, MODIFICATION,
DISCLOSURE, OR DESTRUCTION.
(2) THIS SUBSECTION SHALL APPLY TO A WRITTEN CONTRACT
THAT IS ENTERED INTO ON OR AFTER JANUARY 1, 2009.
14-3504.
(A) IN THIS SECTION:
(1) "BREACH OF THE SECURITY OF A SYSTEM" MEANS THE
UNAUTHORIZED ACQUISITION OF COMPUTERIZED DATA THAT COMPROMISES
THE SECURITY, CONFIDENTIALITY, OR INTEGRITY OF THE PERSONAL
- 3457 -