|
September 26, 2019 – Both Maryland and New Jersey have made recent changes to their data breach laws. The changes will significantly increase consumer protections in these states.
The updates to New Jersey’s law essentially update the state’s definition of “personally identifiable information” (PII) to include an email address or a user name when combined with a password or the answers to security questions. The change makes it the 11th state to include information that can lead to online account take-overs by hackers. It went into effect on September 1st.
An equally significant update to Maryland’s data breach notification law will go into effect on October 1st. From that point on, health providers will be required to notify the state’s Insurance Administration when patient data is exposed in a breach.
The change in Maryland’s law impacts HMO’s, insurance companies, healthcare providers and insurance administrators. Notification to the state is required when a person’s name is included in a breach along with unencrypted standard PII, an insurance policy number or a medical record number. Furthermore, if the party breached believes that breached data may be misused, notification is required even in cases where the data is encrypted.
by Jim Malmberg
Note: When posting a comment, please sign-in first if you want a response. If you are not registered, click here. Registration is easy and free.
|
Politics & Politicians 
