Maryland Code, COMMERCIAL LAW 14-3503
Terms Used In Maryland Code, COMMERCIAL LAW 14-3503
(b) (1) A business that uses a nonaffiliated third party as a service provider to perform services for the business and discloses personal information about an individual residing in the State under a written contract with the third party shall require by contract that the third party implement and maintain reasonable security procedures and practices that:
(i) Are appropriate to the nature of the personal information disclosed to the nonaffiliated third party; and
(ii) Are reasonably designed to help protect the personal information from unauthorized access, use, modification, disclosure, or destruction.
(2) This subsection shall apply to a written contract that is entered into on or after January 1, 2009.