|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ch. 532
|
|
2007 Laws of Maryland
|
|
|
|
|
|
|
|
|
|
|
(B) (1) A BUSINESS THAT OWNS OR LICENSES COMPUTERIZED DATA
THAT INCLUDES PERSONAL INFORMATION OF AN INDIVIDUAL RESIDING IN THE
STATE, WHEN IT DISCOVERS OR IS NOTIFIED OF A BREACH OF THE SECURITY OF
A SYSTEM, SHALL CONDUCT IN GOOD FAITH A REASONABLE AND PROMPT
INVESTIGATION TO DETERMINE THE LIKELIHOOD THAT THE BREACH WILL
RESULT IN A MATERIAL RISK OF IDENTITY THEFT.
(2) IF, AFTER THE INVESTIGATION IS CONCLUDED, THE BUSINESS
REASONABLY BELIEVES THAT THE BREACH OF THE SECURITY OF A SYSTEM HAS
RESULTED OR WILL RESULT IN A MATERIAL RISK OF IDENTITY THEFT OF
PERSONAL INFORMATION OF AN INDIVIDUAL RESIDING IN THE STATE, THE
BUSINESS SHALL NOTIFY THE INDIVIDUAL OF THE BREACH SHALL NOTIFY THE
INDIVIDUAL OF A BREACH OF THE SECURITY OF A SYSTEM IF, AS A RESULT OF
|
|
|
|
|
|
|
|
THE BREACH, THE INDIVIDUAL'S PERSONAL INFORMATION:
(I) HAS BEEN ACQUIRED BY AN UNAUTHORIZED PERSON; OR
(II) IS REASONABLY BELIEVED TO HAVE BEEN ACQUIRED BY AN UNAUTHORIZED PERSON.
|
|
|
|
|
|
|
|
(B) (1) A BUSINESS THAT OWNS OR LICENSES COMPUTERIZED DATA
THAT INCLUDES PERSONAL INFORMATION OF AN INDIVIDUAL RESIDING IN THE
STATE, WHEN IT DISCOVERS OR IS NOTIFIED OF A BREACH OF THE SECURITY OF
A SYSTEM, SHALL CONDUCT IN GOOD FAITH A REASONABLE AND PROMPT
INVESTIGATION TO DETERMINE THE LIKELIHOOD THAT PERSONAL
INFORMATION OF THE INDIVIDUAL HAS BEEN OR WILL BE MISUSED AS A RESULT
OF THE BREACH.
(2) IF AFTER THE INVESTIGATION IS CONCLUDED, THE BUSINESS
DETERMINES THAT MISUSE OF THE INDIVIDUAL'S PERSONAL INFORMATION HAS
OCCURRED OR IS REASONABLY LIKELY TO OCCUR AS A RESULT OF A BREACH OF
THE SECURITY OF A SYSTEM, THE BUSINESS SHALL NOTIFY THE INDIVIDUAL OF
THE BREACH.
(3) (2) (3) EXCEPT AS PROVIDED IN SUBSECTION (D) OF THIS
SECTION, THE NOTIFICATION REQUIRED UNDER PARAGRAPH (2) (1) (2) OF THIS
SUBSECTION SHALL BE GIVEN AS SOON AS REASONABLY PRACTICABLE AFTER
THE BUSINESS CONDUCTS THE INVESTIGATION REQUIRED UNDER PARAGRAPH
(1) OF THIS SUBSECTION DISCOVERS OR IS NOTIFIED OF THE BREACH OF THE
SECURITY OF A SYSTEM CONDUCTS THE INVESTIGATION REQUIRED UNDER
PARAGRAPH (1) OF THIS SUBSECTION.
|
|
|
|
|
|
|
|
- 3468 -
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
![clear space](../../../images/clear.gif) |