Under a new Maryland law, businesses or organizations that lose their customer's personal data must notify them immediately. The law has already helped victims, according to the Baltimore Sun, by making them aware when companies holding their personal data have suffered breaches. There have been several incidents already this year.
Thirty-nine businesses or groups have reported losses of sensitive information involving about 87,500 Maryland residents in the three months since a state law took effect requiring that people be informed of such incidents, records show.
Jeannine Kenney, a senior policy analyst with Consumers Union, said the new Maryland law ensures that people will learn when their personal information has been compromised without having to rely on the good will of businesses.
The law has resulted in more than three dozen personal information security breaches being filed with the Maryland attorney general's office this year, including the revelation last week that a Maryland dental HMO inadvertently posted the names, addresses, and Social Security numbers of over 75,000 customers on its Web site.
Maryland's notification law stemmed from Johns Hopkins University's loss of the personal information of more than 135,000 current and former employees last year. In addition, lawmakers also passed a measure that allows customers to place a "security freeze" on their credit reports. Security freezes stop businesses from accessing an individual's credit report without their knowledge or permission. Businesses seek credit reports to examine a person's credit-worthiness before extending credit or marketing to that person. But it can also be the first step in identity theft, because it allows a criminal posing as a business to obtain the person's credit history and other personal information.
Each freeze costs $5 apiece, which means customers can protect their credit rating for only $15 by getting freezes from all three credit reporting agencies when they know a breach of their personal information has occurred.