Enhance your TRUST relationship with PRIVACY and SECURITY. Privacy Made Simple!

   +1 866 267 0049   830 NE Pop Tilton Place, Jensen Beach, FL 34957

Maryland
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
Within 45 days

FINES & PENALTIES – Violations
Constitutes an unfair trade practice

Legal

Regulation Levels

  • Breach Reporting

    Breach Reporting

  • Consumer Notification

    Consumer Notification

  • Vendor Management

    Vendor Management

  • Vendor Contract Required

    Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Maryland Privacy Law Information

PRIVACY PROGRAM

Organizations must have measures in place for the secure disposal of personal information. Organizations must contract with Vendors to whom the Organization discloses personal information. Organizations and Vendors must implement and maintain reasonable security procedures and practices for protecting personal information. There are specific security requirements for handling social security numbers.

BREACH REPORTING

Breach reporting must be made to the Office of the Attorney General, prior to consumer notification. Breach reporting to each consumer reporting agency that compiles and maintains files on consumers on a nationwide basis is required for breaches involving 1,000 or more individuals.

CONSUMER NOTIFICATION

There is specific information that must be included in consumer notifications.

VENDOR/THIRD PARTIES

Vendors must notify Organizations without delay, but no later than 10 days, after the discovery of a breach or suspected breach and provide the necessary information concerning the breach incident. The Organization will be responsible to complete any required regulatory reporting an10 consumer notification. Vendors are prohibited from charging a fee to provide any necessary information to an Organization regarding a breach.

INDUSTRY SPECIFIC LAWS

Maryland passed the Insurance Data Security Law, which includes requirements for insurance licensees to protect personal information and investigate and respond to breaches of security. Effective October 1, 2019, licensees must comply with breach notification requirements, including Commissioner notification within 45 days.

FINES & PENALTIES

Organizations may be fined or penalized for Vendor violations. Failure to comply with requirements under the Personal Information Protection Act constitutes an unfair trade practice.

Maryland Statutes and Laws

§ 4-406, ANNOTATED CODE OF MARYLAND – INSURANCE ARTICLE & BULLETIN 19-14
MD COMM L CODE § 14-1318

Consumer protection provisions

MD COMM L CODE §§ 14-3401 – 14-3402

The social security number privacy act

MD COMM L CODE §§ 14-3501 – 3508

Personal information protection act

DISCLAIMER

The information provided is not legal guidance or recommendations and are for informational purposes only.