Home Table of Contents

§ 14-3503. Reasonable security procedures and practices

West's Annotated Code of MarylandCommercial LawEffective: January 1, 2008

West's Annotated Code of Maryland
Commercial Law
Title 14. Miscellaneous Consumer Protection Provisions
Subtitle 35. Maryland Personal Information Protection Act (Refs & Annos)
Effective: January 1, 2008
MD Code, Commercial Law, § 14-3503
§ 14-3503. Reasonable security procedures and practices
Currentness
(a) To protect personal information from unauthorized access, use, modification, or disclosure, a business that owns or licenses personal information of an individual residing in the State shall implement and maintain reasonable security procedures and practices that are appropriate to the nature of the personal information owned or licensed and the nature and size of the business and its operations.
(b)(1) A business that uses a nonaffiliated third party as a service provider to perform services for the business and discloses personal information about an individual residing in the State under a written contract with the third party shall require by contract that the third party implement and maintain reasonable security procedures and practices that:
(i) Are appropriate to the nature of the personal information disclosed to the nonaffiliated third party; and
(ii) Are reasonably designed to help protect the personal information from unauthorized access, use, modification, disclosure, or destruction.
(2) This subsection shall apply to a written contract that is entered into on or after January 1, 2009.

Credits

Added by Acts 2007, c. 531, § 1, eff. Jan. 1, 2008; Acts 2007, c. 532, eff. Jan. 1, 2008. Amended by Acts 2017, c. 518, § 1, eff. Jan. 1, 2018.
MD Code, Commercial Law, § 14-3503, MD COML § 14-3503
Current through all legislation from the 2020 Regular Session of the General Assembly.
End of Document© 2021 Thomson Reuters. No claim to original U.S. Government Works.