(a) If a business is required under § 14–3504 of this subtitle to give notice of a breach of the security of a system to 1,000 or more individuals, the business also shall notify, without unreasonable delay, each consumer reporting agency that compiles and maintains files on consumers on a nationwide basis, as defined by 15 U.S.C. § 1681a(p), of the timing, distribution, and content of the notices.
(b) This section does not require the inclusion of the names or other personal identifying information of recipients of notices of the breach of the security of a system.
Structure Maryland Statutes
Title 14 - Miscellaneous Consumer Protection Provisions
Subtitle 35 - Maryland Personal Information Protection Act
Section 14-3502 - Protection Against Unauthorized Access or Use
Section 14-3503 - Security Procedures
Section 14-3504 - Security Breach
Section 14-3505 - Exclusivity and Preemption
Section 14-3506 - Notification to Credit Reporting Agencies