Carroll County Times Articles
Protecting Personal Information in 2008
by Jeannine Morber– November 22, 2007
On January 1st, 2008, Maryland's new data protection law, the Personal Information Protection Act of 2007, goes into effect. The law applies to businesses and non-profits alike and requires those that store customer or client personal information maintain "reasonable security measures" to prevent the information from possibly ending up in the hands of those with malicious intentions.
According to the law, "personal information" is defined as first name or first initial and last name, in addition to any one of the following: Social Security number, driver's license number, bank account number, credit card number or taxpayer identification number. In addition to merchants, this type of information is often kept by organizations that are not necessarily selling products or services. For instance, non-profit organizations that accept donations by credit card or organizations that identify clients by Social Security number will also be affected by the new law.
The law states that those who store personal information must use "reasonable security procedures and practices" to keep that information secure. Just what is considered "reasonable" depends on the size of the company and the type of information. For instance, large companies that store large amounts of financial records on customers would have higher standards to follow than would a smaller company with very few personal records.
The law also states what steps companies must take in the event of a security breach. For instance, companies must investigate breaches to determine which customers were affected and how likely is it that the information could be misused. Companies must also notify the Attorney General of a breach and provide information about the breach. The law does not require companies to inform customers of all security breaches though. Basically, a company may opt to not inform affected customers, but the law states that it must do so in good faith.
For those of you interested in more information about the new law and how to ensure compliance, the Carroll Tech Council is hosting an informative presentation by Michael D. Oliver Esq. of Bowie and Jensen LLC on Wednesday, November 28th at 6:00PM at the Non Profit Center in Westminster. Representatives from local data security companies will also be on hand to answer questions and offer solutions. The event is $10.00 and is open to the public. Registration is required. To register please call the Tech Council office at 443-244-1262 or email jeannine@carrolltechcouncil.org.
About the Author
Jeannine Morber is the Director of the Carroll Technology Council. Questions are welcome and may be addressed in future articles. Email mail@carrolltechcouncil.org or go to www.carrolltechcouncil.org to learn more.
