CUSystem writes:
The Maine Credit Union League and representatives from Maine’s credit unions recently testified on two bills about breach notices and student-loan insurance bills, before two separate state legislative committees in Augusta.
L.D. 158 requires that notice of a security breach must be made no later than 30 days after discovery of the breach to residents affected by the breach. It also would double the financial penalties for a civil violation.
Rebekah Higgins, assistant vice president of card services for Synergent, testified Feb. 28 before the Insurance and Financial Services Committee on behalf of the Maine league, which opposes the bill (Weekly Update March 8).
Read more on Credit Union National Association.
You can find the text of the bill here (pdf). It incorporates two different triggers to notification: for information brokers, the trigger would be acquisition, or reasonable belief of acquisition, of computerized data containing personal information by an unauthorized individual. For others, the trigger is “misuse of the personal information has occurred or if it is reasonably possible that misuse will occur.” The inclusion of “no later than 30 days” notification language would appear to limit for how long entities can delay notification in the event of a law enforcement investigation, something the Maine Credit Union League noted in their testimony.