Maryland Amends Data Breach Law

Hunton Andrews Kurth writes:

Maryland Governor Larry Hogan recently signed into law House Bill 1154 (the “Bill”), which amends the state’s data breach notification law. Among other obligations, the amendments expand the required actions a business must take after becoming aware of a data security breach.

Under the existing data breach notification law, a business that owns or licenses personal information and becomes aware of a data security breach must conduct a reasonable, prompt and good faith investigation to determine the likelihood that personal information has been or will be misused as a result of the breach. The Bill expands this investigatory requirement to apply expressly to all businesses that own, license or maintain the personal information of Maryland residents.

Resource: NY DFS Issues New Cybersecurity Guidance to Address Risks Associated with the Use of Third-Party Service Providers
California Sets 30 Day Deadline for Data Breach Notifications
California’s New Delete Request Tool Impacts Data Brokers and Residents
Shad White’s office finds nearly a third of Mississippi's state agencies fail cybersecurity requirements
California hospitals can escape fines if workers expose patient info
Harrods warns customers their personal data could have been stolen by hackers in new cyber-attack

Related: