On May 29, Maryland HB 962 was enacted under Article II, Section 17(c) of the Maryland Constitution - Chapter 502, which amends the Maryland Personal Information Protection Act. The bill, among other things, expands the types of businesses that are required to implement and maintain reasonable security procedures and practices to protect personal information from unauthorized use. The bill also decreases the period within which certain businesses must provide required notifications to consumers after a data breach. Violation of the bill’s provisions are considered to be an unfair, abusive, or deceptive trade practice under the Maryland Consumer Protection Act (MCPA), subject to MCPA’s civil and criminal penalty provisions. The law is effective October 1.