The Maryland General Assembly has recently amended its Maryland Personal Information Protection Act, House Bill 974, effective January 1, 2018. Notable amendments expand the definition of personal information, modify the definition of breach of the security of the system, provide a 45-day timeframe for notification, allow alternative notice for breaches that enable an individual’s email to be accessed, and expand the class of information subject to Maryland’s destruction of records laws.
The coming years likely will bring a variety of amendments to state data breach notifications laws. Review our comprehensive discussion of Maryland’s new law, and trends in other state data breach notification laws.