Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance
Ask a Question

Can you summarize MDCM Com. Law Section 14-3504?

Short Summary

This section of the Code of Maryland, Commercial Law, Title 14, Subtitle 35 governs the breach of the security of a system and notification requirements for businesses that own, license, or maintain computerized data containing personal information of individuals residing in the State. It defines ‘breach of the security of a system’ as the unauthorized acquisition of computerized data compromising the security, confidentiality, or integrity of personal information maintained by a business. The section outlines the obligations of businesses to conduct a reasonable and prompt investigation upon discovering or being notified of a breach, and to notify affected individuals unless it is reasonably determined that the breach does not create a likelihood of misuse. The notification must be given as soon as reasonably practicable, but not later than 45 days after discovering or being notified of the breach. The section also covers notification requirements for businesses that maintain personal information they do not own or license, and the sharing of breach information with the owner or licensee. It allows for delayed notification in certain circumstances, such as impeding a criminal investigation or restoring system integrity. The section specifies various methods of notification, including written notice, electronic mail, telephonic notice, and substitute notice. It also requires businesses to provide notice to the Office of the Attorney General prior to notifying affected individuals and includes provisions for breaches involving access to e-mail accounts. Compliance with this section does not relieve businesses from other federal law requirements related to the protection and privacy of personal information.

Whom does it apply to?

Businesses that own, license, or maintain computerized data containing personal information of individuals residing in the State

What does it govern?

Breach of the security of a system and notification requirements

What are exemptions?

Good faith acquisition of personal information by an employee or agent of a business for business purposes, provided it is not used or subject to further unauthorized disclosure

What are the Penalties?

No specific penalties mentioned

Jurisdiction

Maryland

Source
MDCM Com. Law Section 14-3504 [https://reggi.cloud.regology.com/regulations/US-MDCM/US-MDCM_C_gcl_S_14-3504]