|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Ch. 532
|
|
|
|
|
|
2007 Laws of Maryland
|
|
|
|
|
|
|
|
|
|
|
|
|
|
(I)(J) COMPLIANCE WITH THIS SECTION DOES NOT RELIEVE A
BUSINESS FROM A DUTY TO COMPLY WITH ANY OTHER REQUIREMENTS OF
FEDERAL LAW RELATING TO THE PROTECTION AND PRIVACY OF PERSONAL
INFORMATION.
14-3505.
THE PROVISIONS OF THIS SUBTITLE ARE EXCLUSIVE AND SHALL
PREEMPT ANY PROVISION OF LOCAL LAW.
14-3506.
(A) IF A BUSINESS IS REQUIRED UNDER § 14-3504 OF THIS SUBTITLE TO
GIVE NOTICE OF A BREACH OF THE SECURITY OF A SYSTEM TO 1,000 OR MORE
INDIVIDUALS, THE BUSINESS ALSO SHALL NOTIFY, WITHOUT UNREASONABLE
DELAY, EACH CONSUMER REPORTING AGENCY THAT COMPILES AND MAINTAINS
FILES ON CONSUMERS ON A NATIONWIDE BASIS, AS DEFINED BY 15 U.S.C. §
1681A(P), OF THE TIMING, DISTRIBUTION, AND CONTENT OF THE NOTICES.
(B) THIS SECTION DOES NOT REQUIRE THE INCLUSION OF THE NAMES
OR OTHER PERSONAL IDENTIFYING INFORMATION OF RECIPIENTS OF NOTICES
OF THE BREACH OF THE SECURITY OF A SYSTEM.
14-3507.
(A) IN THIS SECTION, "AFFILIATE" MEANS A COMPANY THAT CONTROLS,
IS CONTROLLED BY, OR IS UNDER COMMON CONTROL WITH A BUSINESS
DESCRIBED IN SUBSECTION (C)(1) OF THIS SECTION.
(B) A BUSINESS THAT COMPLIES WITH THE REQUIREMENTS FOR
NOTIFICATION PROCEDURES, THE PROTECTION OR SECURITY OF PERSONAL
INFORMATION, OR THE DESTRUCTION OF PERSONAL INFORMATION UNDER THE
RULES, REGULATIONS, PROCEDURES, OR GUIDELINES ESTABLISHED BY THE
PRIMARY OR FUNCTIONAL FEDERAL OR STATE REGULATOR OF THE BUSINESS
SHALL BE DEEMED TO BE IN COMPLIANCE WITH THIS SUBTITLE.
(C) (1) A BUSINESS THAT IS SUBJECT TO AND IN COMPLIANCE WITH §
501(B) OF THE FEDERAL GRAMM-LEACH-BLILEY ACT, 15 U.S.C. § 6801, § 216
OF THE FEDERAL FAIR AND ACCURATE TRANSACTIONS ACT, 15 U.S.C. §
1681W, THE FEDERAL INTERAGENCY GUIDELINES ESTABLISHING
INFORMATION SECURITY STANDARDS, AND THE FEDERAL INTERAGENCY
GUIDANCE ON RESPONSE PROGRAMS FOR UNAUTHORIZED ACCESS TO
CUSTOMER INFORMATION AND CUSTOMER NOTICE, AND ANY REVISIONS,
|
|
|
|
|
|
|
|
|
|
- 3472 -
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
 |
