| | | Be it enacted by the People of the State of Maine as follows: |
|
| | | Sec. 1. 10 MRSA c. 210-B is enacted to read: |
|
| | | NOTICE OF RISK TO PERSONAL DATA |
|
| | | This chapter may be known and cited as "the Notice of Risk to | | Personal Data Act." |
|
| | | As used in this chapter, unless the context otherwise | | indicates, the following terms have the following meanings. |
|
| | | 1.__Business. "Business" means a person, including a | | corporation, doing business in the State. |
|
| | | 2.__Encryption.__"Encryption" means the disguising of data | | using generally accepted practices. |
|
| | | 3.__Personal information.__"Personal information" means an | | individual's last name in combination with one or more of the | | following data elements, when either the name or the data | | elements are not encrypted: |
|
| | | A.__Social security number; |
|
| | | B.__Driver's license number or state identification number; | | and |
|
| | | C.__Account number or credit or debit card number in | | combination with any required security code, access code or | | password that would permit access to an individual's account | | or financial records as defined in Title 9-B, section 161. |
|
| | | 4.__Reasonable notification procedures.__"Reasonable | | notification procedures," with respect to a security breach, | | means procedures that: |
|
| | | A. Use a security program reasonably designed to block | | unauthorized transactions before they are charged to a | | customer's account; |
|
| | | B.__Provide for notice to be given to a subject person by the | | owner or licensee of a database or an agent of the owner or | | licensee after the security program required under |
|
|
