If you Experience a Data Breach here is a general Template for how the process will play out:

1 – Notification of breach: The business or organization must notify the Attorney General’s office of the data breach in accordance with Maryland’s data breach notification law. This law requires that businesses and organizations notify affected individuals and the Attorney General’s office as soon as practicable, but no later than 45 days after discovering the breach.

2 – Investigation: The Attorney General’s office may conduct an investigation into the data breach to determine the scope of the breach, the cause of the breach, and the steps taken by the business or organization to mitigate the effects of the breach.

3 – Determination of fines and penalties: Based on the results of the investigation, the Attorney General’s office may determine that fines and penalties are warranted. The amount of the fines and penalties can vary depending on factors such as the severity and duration of the breach, the number of individuals affected, the steps taken by the business or organization to prevent future breaches, and any previous violations of data breach laws.

4 – Enforcement: The Attorney General’s office can take legal action to enforce fines and penalties against businesses and organizations that fail to comply with data breach notification laws or that are found to be negligent in protecting personal information.

Shred Instead’s “SI Protection Program” can help you put the correct Policies and Procedures in place to not only help prevent a Data Breach but also put a plan in place in the event a Breach occurs and show compliance with the Statutes and Laws found here.