Maryland passed a bill amending breach of security requirements. Under the bill, a business that maintains but does not own or license personal information must provide notice of a breach of security to the business that owns or licenses the personal information within 10 days of discovering the breach of security. Previously, the notice was required within 45 days. The bill also amended the time within which a security breach disclosure must be provided if the disclosure is delayed pursuant to an internal or criminal investigation. In addition, the bill mandated the information that must be included in the security breach notification provided to the attorney general, and clarified the notification requirement when notifying affected individuals via the media. The bill becomes effective October 1, 2022.
Click to view the Maryland House Bill 962: https://www.tenaco.com/wp-content/uploads/2022/06/MD-HB-962-06-02-22.pdf
