|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Martin O'Malley, Governor
|
|
|
|
|
|
Ch. 532
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(2) CONSPICUOUS POSTING OF THE NOTICE ON THE WEBSITE OF
THE BUSINESS, IF THE BUSINESS MAINTAINS A WEBSITE; AND
(3) NOTIFICATION TO STATEWIDE MEDIA.
(G) THE NOTIFICATION REQUIRED UNDER SUBSECTIONS SUBSECTION
(B) AND (C) OF THIS SECTION SHALL INCLUDE:
(1) TO THE EXTENT POSSIBLE, A DESCRIPTION OF THE
CATEGORIES OF INFORMATION THAT WERE, OR ARE REASONABLY BELIEVED TO
HAVE BEEN, ACQUIRED BY AN UNAUTHORIZED PERSON, INCLUDING WHICH OF
THE ELEMENTS OF PERSONAL INFORMATION WERE, OR ARE REASONABLY
BELIEVED TO HAVE BEEN, ACQUIRED;
(2) CONTACT INFORMATION FOR THE BUSINESS MAKING THE
NOTIFICATION, INCLUDING THE BUSINESS' ADDRESS, TELEPHONE NUMBER,
AND TOLL-FREE TELEPHONE NUMBER IF ONE IS MAINTAINED;
(3) THE TOLL-FREE TELEPHONE NUMBERS AND ADDRESSES FOR
THE MAJOR CONSUMER REPORTING AGENCIES; AND
(4) (I) THE TOLL-FREE TELEPHONE NUMBERS, ADDRESSES,
AND WEBSITE ADDRESSES FOR:
1. THE FEDERAL TRADE COMMISSION; AND
2. THE OFFICE OF THE ATTORNEY GENERAL; AND
(II) A STATEMENT THAT AN INDIVIDUAL CAN OBTAIN
INFORMATION FROM THESE SOURCES ABOUT STEPS THE INDIVIDUAL CAN TAKE
TO AVOID IDENTITY THEFT.
(G)(H) A PRIOR TO GIVING THE NOTIFICATION REQUIRED UNDER
SUBSECTIONS SUBSECTION (B) AND (C) OF THIS SECTION AND SUBJECT TO
SUBSECTION (D) OF THIS SECTION, A BUSINESS SHALL PROVIDE NOTICE OF A
BREACH OF THE SECURITY OF A SYSTEM TO THE OFFICE OF THE ATTORNEY
GENERAL WITHIN 5 BUSINESS DAYS AFTER THE BUSINESS BECOMES AWARE OF
THE BREACH.
(H)(I) A WAIVER OF ANY PROVISION OF THIS SECTION IS CONTRARY
TO PUBLIC POLICY AND IS VOID AND UNENFORCEABLE.
|
|
|
|
|
|
|
|
|
|
- 3471 -
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
