Maryland's laws regarding the security of personal information are "primitive and ineffective," according to Michael Greenberger, JD, founder and director of the University of Maryland Center for Health and Homeland Security (CHHS) and a member of the Maryland Commission on Cyber Security Innovation and Excellence. Testifying on Feb. 20 to House and Senate committees in Annapolis, Greenberger urged the passage of bills that would tighten security and reporting requirements on businesses and on the state.
The measures (House Bills 0959 and 0960; Senate Bills 0676 and 0859) came out of work by the Commission, created by state law in 2011 and comprising business leaders, security company executives, higher education officials, and Delegate Susan Lee of Montgomery County and state Sen. Catherine Pugh of Baltimore. Greenberger is a member of the Commission, and CHHS Senior Law and Policy Analyst Peter Suh, JD, MST, serves as a technical analyst.
Lee and Pugh sponsored the bills, and testified for them. In addition to Greenberger and Suh, Commission member Russell Butler, executive director of the Maryland Crime Victims' Resource Center, and Greg von Lehmen, provost of University of Maryland University College and a Commission staffer, also testified.
Greenberger said that by tightening the personal identification security and reporting requirements, businesses might avoid paying millions of dollars in damages and recovery operations by avoiding major data breaches. The bills also, for the first time, force the state government to develop better security plans for the stores of personal data it keeps on residents.
Breaches of personal information, in addition to being enormously disruptive for individuals, can also be used by criminals and, according to the Commission, can help terrorists use stolen identities to more easily enter the country.