An Act To Require Municipalities and School Districts To Provide Notice of Breaches in Personal Data Security
Sec. 1. 10 MRSA §1347, sub-§5, as amended by PL 2005, c. 583, §3 and affected by §14, is further amended to read:
Sec. 2. 10 MRSA §1348, sub-§1, as repealed and replaced by PL 2005, c. 583, §6 and affected by §14, is amended to read:
The notices required under paragraphs A and B must be made as expediently as possible and without unreasonable delay, consistent with the legitimate needs of law enforcement pursuant to subsection 3 or with measures necessary to determine the scope of the security breach and restore the reasonable integrity, security and confidentiality of the data in the system. If there is no delay of notification due to law enforcement investigation pursuant to subsection 3, the notices must be made no more than 30 days after the person identified in paragraph A or B becomes aware of a breach of security and identifies its scope.
Sec. 3. 10 MRSA §1349, sub-§2, ¶A, as amended by PL 2005, c. 583, §11 and affected by §14, is further amended to read: