An Act To Amend the Notice of Risk to Personal Data Act To Further Protect Consumers
Sec. 1. 10 MRSA §1348, sub-§1, as repealed and replaced by PL 2005, c. 583, §6 and affected by §14, is amended to read:
The notices required under paragraphs A and B must be made as expediently as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement pursuant to subsection 3 or with measures necessary to determine the scope of the security breach and restore the reasonable integrity, security and confidentiality of the data in the system. In no event may notice be provided later than 30 days after the discovery of the breach of the security of the system.
Sec. 2. 10 MRSA §1348, sub-§5, as amended by PL 2005, c. 583, §9 and affected by §14, is further amended to read:
Sec. 3. 10 MRSA §1349, sub-§2, ¶A, as amended by PL 2005, c. 583, §11 and affected by §14, is further amended to read:
This bill requires that notice of a security breach pursuant to the Notice of Risk to Personal Data Act must be made no later than 30 days after discovery of the breach to residents affected by the breach and must be made immediately to state regulators. The bill also doubles the financial penalties for a civil violation.