Maryland personal information protection act

Maryland HB 208 of 2008 requires that a business that owns or licenses computerized data that includes personal information of an individual residing in the state, when it discovers or is notified of a breach of the security of a system, shall conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information of the individual has been or will be misused as a result of the breach. It is applicable to any person that conducts business in the state and owns or licenses computerized data or maintains such data. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Maryland Personal Information Protection Act: Name and SSN
• Maryland Personal Information Protection Act: Name and DL
• Maryland Personal Information Protection Act: Name and CCN
• Maryland Personal Information Protection Act: Name and Password (Wide)
• Maryland Personal Information Protection Act: Name and Password (Default)
• Maryland Personal Information Protection Act: Name and Password (Narrow)
• Maryland Personal Information Protection Act: Password Dissemination for HTTP Traffic (Wide)
• Maryland Personal Information Protection Act: Password Dissemination for HTTP Traffic (Default)
• Maryland Personal Information Protection Act: Password Dissemination for HTTP Traffic (Narrow)
• Maryland Personal Information Protection Act: Account and Password