MD Cybersecurity Commission Legislation
CHHS Founder and Director Helps Lead Maryland’s Efforts for Cybersecurity Innovation and Excellence
Cybersecurity breaches and the threat of those breaches have been widely identified on an almost daily basis in the Nation’s media as the foremost threat to United States security. CHHS has been actively involved in this important new area. Our staff created, and is now teaching for the second time, a landmark course at the University of Maryland Francis King Carey School of Law entitled “The Law and Policy of Cybersecurity.”
We are also taking a leading role in the State of Maryland by helping businesses and the state government develop improved plans to fend off cyber attacks. For example, in 2011, the Maryland General Assembly created the Commission on Maryland Cybersecurity Innovation and Excellence. The Commission was tasked with producing a comprehensive overview of current Maryland cybersecurity policy and developing recommendations for a coordinated, rapid response to cyber attacks on government and commercial networks and computer systems. CHHS Founder and Director Michael Greenberger was appointed to the Commission by Maryland Governor Martin O’Malley. In that capacity, Mr. Greenberger has presented a series of recommendations to strengthen Maryland’s existing data security framework for businesses and also to apply this framework to Maryland state or local government agencies.
The Commission unanimously approved Michael Greenberger’s recommendations and various bills drafted to implement those recommendations. CHHS Senior Law & Policy Analyst Peter Suh worked with Mr. Greenberger and served as a technical analyst to the Commission for purposes of drafting this legislation. The Commission co-chairs, Maryland Senator Catherine Pugh and Delegate Susan Lee, introduced those bills in both Houses of the Maryland General Assembly.
On February 20, 2013, Mr. Greenberger and Mr. Suh testified in favor of the House and Senate bills designed to implement the Commission’s recommendations before three separate Committees of the General Assembly. Mr. Greenberger and Mr. Suh’s testimony focused on how the bills, in addition to protecting Maryland citizens’ privacy, will help make it more difficult for domestic and foreign hackers to steal the identity of Maryland citizens. Additionally, on March 19, 2013, CHHS Law & Policy Analyst Avery Blank testified with Delegate Susan Lee before the House Economic Matters Subcommittee on the proposed revisions to the bills.
As the 2013 legislative session was coming to a close in April, and after a great deal of negotiation, the Maryland General Assembly passed two of the Cybersecurity Commission’s bills. One bill, entitled Identity Fraud – Health Information and Health Care Records, expands the current Identity Fraud statute to include “health information” and health care records. This is a significant step to better protect Maryland residents, as the rapid push to have medical records in electronic form has migrated medical identity to the internet. The second bill establishes, for certain specified units of Maryland State and local government, prescribed requirements with regard to the protection of an individual’s personal information from unauthorized access. Governor Martin O’Malley signed the two bills into law in May 2013. It is the Center’s hope that this legislation will become a model for other states to follow.