Maine Security Breach Law Enacted
Maine has become the latest state to enact a security breach law, in the wake of numerous publicized security breaches around the country. These became known as a result of California's security breach law.
The Governor signed LD 1671 on June 10.
The new law requires any business that owns or licenses electronic data containing personal information, following the discovery of a security breach, "to notify a subject person whose unencrypted personal information was, or is REASONABLY BELIEVED to have been, acquired by an unauthorized person."
"Security breach" means the compromise of the security, confidentiality or integrity of computerized data that results in unauthorized acquisition of and access to personal information maintained by a business or that creates a
reasonable basis for the conclusion that such acquisition has occurred.
"Security breach" does not include the good faith acquisition of personal information by an employee or agent of a business for the purposes of that business if the personal information is not used or subject to further unauthorized disclosure.
Failure to follow the law can result in fines of up to $25,000 per day.
"Personal information" means "an individual's last name in combination with one or more of the following data elements, when either the name or the data elements are not encrypted:
A. Social security number
B. Driver's license number or state identification number
C. Account number or credit or debit card number in
combination with any required security code, access code or
password that would permit access to an individual's account
or financial records as defined in Title 9-B, section 161.
The Governor signed LD 1671 on June 10.
The new law requires any business that owns or licenses electronic data containing personal information, following the discovery of a security breach, "to notify a subject person whose unencrypted personal information was, or is REASONABLY BELIEVED to have been, acquired by an unauthorized person."
"Security breach" means the compromise of the security, confidentiality or integrity of computerized data that results in unauthorized acquisition of and access to personal information maintained by a business or that creates a
reasonable basis for the conclusion that such acquisition has occurred.
"Security breach" does not include the good faith acquisition of personal information by an employee or agent of a business for the purposes of that business if the personal information is not used or subject to further unauthorized disclosure.
Failure to follow the law can result in fines of up to $25,000 per day.
"Personal information" means "an individual's last name in combination with one or more of the following data elements, when either the name or the data elements are not encrypted:
A. Social security number
B. Driver's license number or state identification number
C. Account number or credit or debit card number in
combination with any required security code, access code or
password that would permit access to an individual's account
or financial records as defined in Title 9-B, section 161.
posted by - at 3:31 PM
4 Comments:
Nice dispatch and this post helped me alot in my college assignement. Thanks you as your information.
Oh my god, there's a lot of useful information in this post!
I discovered your web site via Google while looking for a related subject, lucky for me your web site came up, its a great website. I have bookmarked it in my Google bookmarks. You really are a phenomenal person with a brilliant mind!
Thanks , I've recently been looking for information about this subject for a long time and yours is the greatest I've found out so far.
But, what concerning the bottom line? Are you sure in regards to the source?
Also visit my homepage :: how much should i weigh calculator
Post a Comment
<< Home