Businesses Take Note: Updates to Maryland’s Data Breach Notification Law Take Effect January 1, 2018

James Benjamin, Jr. of Pessin Katz Law, P.A. writes:

On January 1, 2018, several amendments to the Maryland Personal Information Protection Act, (“MPIPA”) MD Code Ann., Com. Law §14-3501 et seq. will go into effect.  Businesses collecting personal information should take note and be prepared.

Under the law as amended, the definition of “personal information” under §14-3501 has been greatly expanded. The current definition includes information such as first and last name, social security number, driver’s license numbers, and bank account numbers/ passwords. However, in light of amendments to the law, the definition of “personal information” will be more expansive and will also include the following:

  • passport numbers
  • health insurance policy numbers
  • fingerprints/ retina scans or other biometric data
  • any mental or physical health information (generally anything covered by HIPAA)
  • usernames/passwords that give access to a person’s e-mail address

In addition, changes have been made to allow notification of a data breach to be made within a set period of time.

Read more of his helpful summary on JDSupra.

About the author: Dissent

Comments are closed.