Businesses Take Note: Updates to Maryland’s Data Breach Notification Law Take Effect January 1, 2018
James Benjamin, Jr. of Pessin Katz Law, P.A. writes:
On January 1, 2018, several amendments to the Maryland Personal Information Protection Act, (“MPIPA”) MD Code Ann., Com. Law §14-3501 et seq. will go into effect. Businesses collecting personal information should take note and be prepared.
Under the law as amended, the definition of “personal information” under §14-3501 has been greatly expanded. The current definition includes information such as first and last name, social security number, driver’s license numbers, and bank account numbers/ passwords. However, in light of amendments to the law, the definition of “personal information” will be more expansive and will also include the following:
- passport numbers
- health insurance policy numbers
- fingerprints/ retina scans or other biometric data
- any mental or physical health information (generally anything covered by HIPAA)
- usernames/passwords that give access to a person’s e-mail address
In addition, changes have been made to allow notification of a data breach to be made within a set period of time.
Read more of his helpful summary on JDSupra.