In response to trends, heightened public awareness, and a string of large-scale data breaches, states continue to enhance their data breach notification laws. In 2017 Maryland amended its Personal Information Protection Act (PIPA) with expansion of the definition of personal information, modification of the definition of “breach of the security of the system”, establishing a 45-day timeframe for notification and expansion of the class of information subject to Maryland’s data destruction laws. Now, Maryland has again amended PIPA, with HB 1154 in effect from October 1, 2019, notably enhancing the requirements for a business once it becomes aware of a data security breach.
Home > State Law Articles > Maryland > General (MD) > Maryland Again Amends its Data Breach Notification Law