Unannotated Code of Maryland (Last Updated: May 16, 2014) |
STATE GOVERNMENT |
TITLE 10. GOVERNMENTAL PROCEDURES |
SUBTITLE 13. PROTECTION OF INFORMATION BY GOVERNMENT AGENCIES (SUBTITLE EFFECTIVE JULY 1, 2014) |
§ 10-1304. Security measures
Latest version.
-
(a) In general. -- To protect personal information from unauthorized access, use, modification, or disclosure, a unit that collects personal information of an individual shall implement and maintain reasonable security procedures and practices that are appropriate to the nature of the personal information collected and the nature of the unit and its operations.
(b) Requirements for third-party service providers. --
(1) This subsection shall apply to a written contract or agreement that is entered into on or after July 1, 2014.
(2) A unit that uses a nonaffiliated third party as a service provider to perform services for the unit and discloses personal information about an individual under a written contract or agreement with the third party shall require by written contract or agreement that the third party implement and maintain reasonable security procedures and practices that:
(i) are appropriate to the nature of the personal information disclosed to the nonaffiliated third party; and
(ii) are reasonably designed to help protect the personal information from unauthorized access, use, modification, disclosure, or destruction.