(a) In this subtitle the following words have the meanings indicated. (b) (1) “Business” means a sole proprietorship, partnership, corporation, association, or any other business entity, whether or not organized to operate at a profit. (2) “Business” includes a financial institution organized, chartered, licensed, or otherwise authorized under the laws of this State, any other state, the United States, […]
(a) In this section, “customer” means an individual residing in the State who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service from the business. (b) When a business is destroying a customer’s, an employee’s, or a former employee’s records that contain personal information of the customer, […]
(a) To protect personal information from unauthorized access, use, modification, or disclosure, a business that owns or licenses personal information of an individual residing in the State shall implement and maintain reasonable security procedures and practices that are appropriate to the nature of the personal information owned or licensed and the nature and size of the […]
(a) In this section: (1) “Breach of the security of a system” means the unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of the personal information maintained by a business; and (2) “Breach of the security of a system” does not include the good faith acquisition of personal information by an employee or agent […]
The provisions of this subtitle are exclusive and shall preempt any provision of local law.
(a) If a business is required under § 14–3504 of this subtitle to give notice of a breach of the security of a system to 1,000 or more individuals, the business also shall notify, without unreasonable delay, each consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, as defined by 15 […]
(a) In this section, “affiliate” means a company that controls, is controlled by, or is under common control with a business described in subsection (c)(1) or (d)(1) of this section. (b) A business that complies with the requirements for notification procedures, the protection or security of personal information, or the destruction of personal information under the rules, […]
A violation of this subtitle: (1) Is an unfair or deceptive trade practice within the meaning of Title 13 of this article; and (2) Is subject to the enforcement and penalty provisions contained in Title 13 of this article.
