Article - Commercial Law
(a) In this subtitle the following words have the meanings indicated.
(b) (1) “Business” means a sole proprietorship, partnership, corporation, association, or any other business entity, whether or not organized to operate at a profit.
(2) “Business” includes a financial institution organized, chartered, licensed, or otherwise authorized under the laws of this State, any other state, the United States, or any other country, and the parent or subsidiary of a financial institution.
(c) “Encrypted” means the protection of data in electronic or optical form using an encryption technology that renders the data indecipherable without an associated cryptographic key necessary to enable decryption of the data.
(d) “Health information” means any information created by an entity covered by the federal Health Insurance Portability and Accountability Act of 1996 regarding an individual’s medical history, medical condition, or medical treatment or diagnosis.
(e) (1) “Personal information” means:
(i) An individual’s first name or first initial and last name in combination with any one or more of the following data elements, when the name or the data elements are not encrypted, redacted, or otherwise protected by another method that renders the information unreadable or unusable:
1. A Social Security number, an Individual Taxpayer Identification Number, a passport number, or other identification number issued by the federal government;
2. A driver’s license number or State identification card number;
3. An account number, a credit card number, or a debit card number, in combination with any required security code, access code, or password, that permits access to an individual’s financial account;
4. Health information, including information about an individual’s mental health;
5. A health insurance policy or certificate number or health insurance subscriber identification number, in combination with a unique identifier used by an insurer or an employer that is self–insured, that permits access to an individual’s health information; or
6. Biometric data of an individual generated by automatic measurements of an individual’s biological characteristics such as a fingerprint, voice print, genetic print, retina or iris image, or other unique biological characteristic, that can be used to uniquely authenticate the individual’s identity when the individual accesses a system or account; or
(ii) A user name or e–mail address in combination with a password or security question and answer that permits access to an individual’s e–mail account.
(2) “Personal information” does not include:
(i) Publicly available information that is lawfully made available to the general public from federal, State, or local government records;
(ii) Information that an individual has consented to have publicly disseminated or listed; or
(iii) Information that is disseminated or listed in accordance with the federal Health Insurance Portability and Accountability Act.
(f) “Records” means information that is inscribed on a tangible medium or that is stored in an electronic or other medium and is retrievable in perceivable form.