HP0672, LD 970, item 1, An Act To Amend the Laws Governing Notification after a Security Breach Involving Personal Information

An Act To Amend the Laws Governing Notification after a Security Breach Involving Personal Information

Be it enacted by the People of the State of Maine as follows:

Sec. 1. 10 MRSA §1347, sub-§1, as amended by PL 2005, c. 583, §1 and affected by §14, is further amended to read:

1. Breach of the security of the system. "Breach of the security of the system" or "security breach" means unauthorized acquisition , release or use of an individual's computerized data that includes personal information that compromises the security, confidentiality or integrity of personal information of the individual maintained by a person. Good faith acquisition , release or use of personal information by an employee or agent of a person on behalf of the person is not a breach of the security of the system if the personal information is not used for or subject to further unauthorized disclosure to another person.

Sec. 2. 10 MRSA §1347-A is enacted to read:

§ 1347-A. Release or use of personal information prohibited

It is a violation of this chapter for an unauthorized person to release or use an individual's personal information acquired through a security breach.

Sec. 3. 10 MRSA §1348, sub-§3, as enacted by PL 2005, c. 379, §1 and affected by §4, is amended to read:

3. Delay of notification for law enforcement purposes. The notification required by this section may be delayed for no longer than 7 business days if a law enforcement agency determines that the notification will compromise a criminal investigation; the notification required by this section must be made after the law enforcement agency determines that it will not compromise the investigation.

Sec. 4. 10 MRSA §1349, sub-§4, as enacted by PL 2005, c. 583, §12 and affected by §14, is amended to read:

4. Exceptions. A person that complies with the security breach notification requirements of rules, regulations, procedures or guidelines established pursuant to federal law or the law of this State is deemed to be in compliance with the requirements of this chapter section 1348 as long as the law, rules, regulations or guidelines provide for notification procedures at least as protective as the notification requirements of this chapter section 1348.

SUMMARY

This bill amends the security breach notification laws. The bill makes it clear that the release or use of personal information acquired through a security breach by an unauthorized person constitutes a violation of the law. The bill also requires that any delay for law enforcement purposes in notification to persons affected by a security breach may not be longer than 7 business days.

HP0672 LD 970	First Regular Session - 124th Maine Legislature Text: MS-Word, RTF or PDF		LR 110 Item 1
	Bill Tracking	Chamber Status

Bill Tracking		Chamber Status
Amendments	Public Hearings & Work Sessions		Committee Information
Other Documents			Title & Section

Search Bill Text		Search Bill Status
Bill Directory	Session Information		Legislative Information
Download MS-Word, PDF		Maine Legislature

Office of Legislative Information 100 State House Station Augusta, ME 04333		voice: (207) 287-1692 fax: (207) 287-1580 tty: (207) 287-6826
Word Viewer for Windows		Disclaimer