(a) In this section, “customer” means an individual residing in the State who provides personal information to a business for the purpose of purchasing or leasing a product or obtaining a service from the business.
(b) When a business is destroying a customer’s, an employee’s, or a former employee’s records that contain personal information of the customer, employee, or former employee, the business shall take reasonable steps to protect against unauthorized access to or use of the personal information, taking into account:
(1) The sensitivity of the records;
(2) The nature and size of the business and its operations;
(3) The costs and benefits of different destruction methods; and
(4) Available technology.
Structure Maryland Statutes
Title 14 - Miscellaneous Consumer Protection Provisions
Subtitle 35 - Maryland Personal Information Protection Act
Section 14-3502 - Protection Against Unauthorized Access or Use
Section 14-3503 - Security Procedures
Section 14-3504 - Security Breach
Section 14-3505 - Exclusivity and Preemption
Section 14-3506 - Notification to Credit Reporting Agencies