Maryland Amends Data Breach Law

Hunton Andrews Kurth writes:

Maryland Governor Larry Hogan recently signed into law House Bill 1154 (the “Bill”), which amends the state’s data breach notification law. Among other obligations, the amendments expand the required actions a business must take after becoming aware of a data security breach.

Under the existing data breach notification law, a business that owns or licenses personal information and becomes aware of a data security breach must conduct a reasonable, prompt and good faith investigation to determine the likelihood that personal information has been or will be misused as a result of the breach. The Bill expands this investigatory requirement to apply expressly to all businesses that own, license or maintain the personal information of Maryland residents.

Governor Hochul Announces Nation-Leading Cybersecurity Strategy
Protect Good Faith Security Research Globally in Proposed UN Cybercrime Treaty
Utah Enacts Amendments to State Breach Notification Law
Two States Enact Insurance Data Security Laws
Senator Toomey reintroduces bill to preempt state data breach notification laws

Related: