The legislation could be introduced as early as today or tomorrow by Del. Brian R. Moe and Sen. Leonard H. Teitelbaum, who serve on the Joint Technology Oversight Committee, said Steve Sakamoto-Wengel, assistant attorney general in the Consumer Protection Division.
Alpharetta, Ga.-based ChoicePoint discovered in October that it had sold personal consumer data to thieves posing as legitimate companies. The data-collection company, which culls information from public documents and sells it to other companies, began alerting more than 34,000 California residents in January.
Investigators told ChoicePoint that the problem reached beyond California. Last month, the company began notifying a total of 145,000 residents across the country, including 2,750 residents in Maryland.
Moe, a Democrat who represents portions of Anne Arundel and Prince George's counties, could not be reached for comment yesterday evening. Teitelbaum said privacy issues have been in the forefront during this session of the General Assembly as consumer concern has grown over the rising number of identity theft cases.
Teitelbaum, a Montgomery County Democrat, expects passage of the legislation.
"I can't imagine who would oppose it," he said.
Under the proposed legislation, any company doing business in Maryland that collects personal information about residents would be required to notify them as soon as possible once a security breach is discovered, Teitelbaum said. Personal information includes Social Security numbers, credit and debit card account information, driver's license and medical information.
Additionally, once companies no longer need a customer's personal information, they would be required to destroy it.
The law "would include security rules for discarding personal information collected," said Sakamoto-Wengel, whose office has been working with legislators on the bill. "You can't just throw it in the trash can."
Sakamoto-Wengel said notification that personal data has been compromised will allow consumers to take measures to protect themselves, such as placing a fraud alert on their credit report. A fraud alert requests that creditors contact consumers before any new credit is issued in their name.