(a) To protect personal information from unauthorized access, use, modification, or disclosure, a unit that collects personal information of an individual shall implement and maintain reasonable security procedures and practices that are appropriate to the nature of the personal information collected and the nature of the unit and its operations. (b) (1) This subsection shall apply to a written contract or agreement that is entered into on or after July 1, 2014. (2) A unit that uses a nonaffiliated third party as a service provider to perform services for the unit and discloses personal information about an individual under a written contract or agreement with the third party shall require by written contract or agreement that the third party implement and maintain reasonable security procedures and practices that: (i) are appropriate to the nature of the personal information disclosed to the nonaffiliated third party; and (ii) are reasonably designed to help protect the personal information from unauthorized access, use, modification, disclosure, or destruction.
‹ Prev All Maryland sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.