Maryland Legal Alert for Financial Services

Hero Image for page

Maryland Legal Alert - March 2007


The Office of the Commissioner of Financial Regulation has added a new page on its website where it will post final actions taken against licensed and unlicensed persons for violations of Maryland law. Based on conversations with Commissioner's office personnel, the website will not list consent agreements, consent orders, or other results of negotiated arrangements between the State and persons subject to State scrutiny. Rather, it will list final cease and desist orders, hearing decisions that result in adverse consequences for the person subject to State scrutiny, and similar final administrative actions. Once listed, a final action may be posted for as long as 3 years. The possibility that information about administrative actions now will be available on the internet may well be a significant factor in how persons subject to scrutiny by the Commissioner's office approach their regulatory situation. For more information, please contact Chris Rahl.


As the Maryland General Assembly considers new data security breach legislation, businesses should take note that neighboring Washington, D.C. has passed its own data security breach notification law. The new law, which applies as of July 1, 2007, requires any person or entity doing business in the District of Columbia to notify District residents in the event of a data security breach involving residents' personal information. The notice is required to be made in the most expedient time possible, but notice may be delayed upon request of law enforcement. District residents injured by a violation of the law may recover actual damages, costs and reasonable attorney's fees. Financial institutions are deemed in compliance with the new law if complying with notice requirements under regulations and guidelines issued pursuant to Title V of the Gramm-Leach-Bliley Act, including the Interagency Guidance on Response Programs for Unauthorized Access to Customer Information and Customer Notice. If you have questions about data security breach notice requirements, please e-mail Christopher Rahl.