Skip Navigation

6310 Hillside Court
Suite 160
Columbia, MD 21046

P. 410-290-0707

111 South Calvert Street

Suite 2700

Baltimore, MD 21202

P. 410-962-1199

MD Personal Information Protection Act

Maryland Personal Information Protection Act

Maryland businesses now have a statutory obligation to maintain the security of personal information of individuals.  Pursuant to the Maryland Personal Information Protection Act, effective January 1, 2008, Maryland businesses have certain obligations with regard to “personal information” of individuals with whom they do business or whose personal information is included in data records owned or licensed by the business.  The data covered by the new law is specific and limited: 

"Personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when the name or the data elements are not encrypted, redacted, or otherwise protected by another method that renders the information unreadable or unusable:

(i) A Social Security number;

(ii) A driver's license number;

(iii) A financial account number, including a credit card number or debit card number, that in combination with any required security code, access code, or password, would permit access to an individual's financial account; or

(iv) An Individual Taxpayer Identification Number.  Md Code, Commercial Law § 14-3501(d)(1).

Publicly available information, information consented for release, or information regulated by HIPAA are excepted.  Md Code, Commercial Law § 14-3501(d)(2).

When destroying customer records containing personal information, businesses must take reasonable steps to prevent unauthorized access or use of the personal information.  Md Code, Commercial Law § 14-3502.

Businesses that maintain personal information must “implement and maintain reasonable security procedures and practices”.  Md Code, Commercial Law § 14-3503.

Under certain circumstances, businesses have an obligation to conduct an investigation and notify individuals if there is a breach of security and possible mis-use of the personal information. Md Code, Commercial Law § 14-3504.

Violations of the statute are unfair and deceptive trade practices under the Maryland Consumer Protection Act.  Md Code, Commercial Law § 14-3508.

BTLG Attorneys At Law

Talk to a lawyer

Bold labels are required.

News from BTLG:

Voting Leave
Maryland employers have an obligation to provide paid leave for employees to vote under certain circumstances
Maryland’s #MeToo Bill – New Reporting Requirements
In the wake of the nation’s #MeToo movement, Maryland now joins the ranks of other states, such as Illinois and New York, that have adopted stricter sexual harassment policies.
Maryland Minimum Wage Increase 2018
Beginning on July 1, 2018, Maryland’s minimum wage will increase from $9.25 to $10.10 an hour.
General Data Protection Regulation
On May 25, 2018, the EU's General Data Protection Regulation went in to effect, regulating any business that collects or processes the personal data of EU residents
More BTLG News