PUBLIC Law, Chapter 161, An Act To Amend the Laws Governing Notification after a Security Breach Involving Personal Information

An Act To Amend the Laws Governing Notification after a Security Breach Involving Personal Information

Be it enacted by the People of the State of Maine as follows:

Sec. 1. 10 MRSA §1347, sub-§1, as amended by PL 2005, c. 583, §1 and affected by §14, is further amended to read:

1. Breach of the security of the system. "Breach of the security of the system" or "security breach" means unauthorized acquisition , release or use of an individual's computerized data that includes personal information that compromises the security, confidentiality or integrity of personal information of the individual maintained by a person. Good faith acquisition , release or use of personal information by an employee or agent of a person on behalf of the person is not a breach of the security of the system if the personal information is not used for or subject to further unauthorized disclosure to another person.

Sec. 2. 10 MRSA §1347-A is enacted to read:

§ 1347-A. Release or use of personal information prohibited

It is a violation of this chapter for an unauthorized person to release or use an individual's personal information acquired through a security breach.

Sec. 3. 10 MRSA §1348, sub-§3, as enacted by PL 2005, c. 379, §1 and affected by §4, is amended to read:

3. Delay of notification; criminal investigation by law enforcement. The If, after the completion of an investigation required by subsection 1, notification is required under this section, the notification required by this section may be delayed if for no longer than 7 business days after a law enforcement agency determines that the notification will not compromise a criminal investigation ; the notification required by this section must be made after the law enforcement agency determines that it will not compromise the investigation.

Sec. 4. 10 MRSA §1349, sub-§4, as enacted by PL 2005, c. 583, §12 and affected by §14, is amended to read:

4. Exceptions. A person that complies with the security breach notification requirements of rules, regulations, procedures or guidelines established pursuant to federal law or the law of this State is deemed to be in compliance with the requirements of this chapter section 1348 as long as the law, rules, regulations or guidelines provide for notification procedures at least as protective as the notification requirements of this chapter section 1348.

Sec. 5. Application. This Act applies to a security breach discovered by a person subject to the Maine Revised Statutes, Title 10, chapter 210-B on or after the effective date of this Act.

Effective September 12, 2009

HP0672 LD 970	PUBLIC Law, Chapter 161 Signed on 2009-05-19 00:00:00.0 - First Regular Session - 124th Maine Legislature Text: MS-Word, RTF or PDF		LR 110 Item 1
	Bill Tracking	Chamber Status

Bill Tracking		Chamber Status
Amendments	Public Hearings & Work Sessions		Committee Information
Other Documents			Title & Section

Search Bill Text		Search Bill Status
Bill Directory	Session Information		Legislative Information
Get MS-Word and PDF versions		Maine Legislature

Office of Legislative Information 100 State House Station Augusta, ME 04333		voice: (207) 287-1692 fax: (207) 287-1580 tty: (207) 287-6826
Word Viewer for Windows		Disclaimer