McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeProducts & SolutionsData ProtectionUS & Global Data Protection LawsSecurity Breach Notification Laws

Maryland

Maryland Personal Information Protection Act
CITATION Maryland Code, Commercial Law: § 14-3501 et seq.
ENACTED 2007
SUMMARY In order to protect personal information from unauthorized access, use, modification, or disclosure, a business that owns or licenses personal information of an individual residing in Maryland must implement and maintain reasonable security procedures and practices that are appropriate to the nature of the personal information owned or licensed and the nature and size of the business and its operations.
DATA COVERED

The law applies to an individual's first name or first initial and last name in combination with any one or more of the following data elements, when the name or the data elements are not encrypted, redacted or otherwise protected by another method that renders the information unreadable or unusable:

  1. Social Security number;
  2. Driver's license number;
  3. Financial account number, including a credit card number or debit card number, that in combination with any required security code, access code, or password, would permit access to an individual’s financial account; or
  4. Individual taxpayer identification number.
INDUSTRY Any business that owns or licenses personal information of an individual residing in the State.
PENALTIES

A violation is considered a violation of the consumer fraud law. The Attorney General can pursue an injunction to prevent future violations. The Attorney General may also pursue monetary damages and can recover the State’s costs.

The Act provides for a number of civil and criminal penalties:

  1. First violation: A merchant who engages in a violation is subject to a fine of not more than one thousand dollars ($1,000) for each violation;
  2. Subsequent violation: Not more than five thousand dollars ($5,000) for each subsequent violation.
  3. Criminal penalties: Any person who violates any provision of the Act is guilty of a misdemeanor and is subject to a fine not exceeding one thousand dollars ($1,000) or imprisonment not exceeding one year or both, in addition to the civil penalties.
United States - English