Government Privacy Legislation in the State of Maryland

Md. Gen. Prov. Code § 4-501 is a data protection and personal privacy law that was enacted in the U.S. state of Maryland in 2005. More specifically, the law was passed for the purpose of protecting the personal records that residents of the state submit to state agencies and organizations when looking to take advantage of state-based programs, services, and facilities. With all this being said, the law outlines the circumstances under which state-based and government organizations within Maryland are permitted to collect the personal records of citizens within the state, as well as the steps and procedures that must be followed in order to ensure that this information remains confidential.

What are the data protection requirements under the law?

The provisions of Md. Gen. Prov. Code § 4-501 mandates that officials within governmental and state-based organizations, described as “official custodians” under the law, follow a strict protocol as it concerns safeguarding the various personal records that residents of the state submit to public bodies when looking to engage in certain services and activities. This protocol entails the following:

• Personal records may only be collected from residents within the state of Maryland in accordance with a specific need for such information that has been established and conveyed by the unit or government agency that is looking to collect such information.
• Personal information that is collected for personal records must be both appropriate and relevant in relation to the purpose for which it was collected.
• Personal information that is collected for personal records must be accurate and current to the greatest extent possible.
• Personal information that is collected for personal records must not be obtained via fraudulent means.
• When collecting personal information from residents within Maryland, an official custodian is responsible for providing said residents with various details. These details include the intended use or purpose for the information, the specific consequences that may arise for refusing to provide such information, and the rights that Maryland residents have in regard to the maintenance, destruction, and disclosure of their personal information, among other pertinent information.
• Information concerning the enforcement of the law and the administration of the Maryland Criminal Justice System is exempt from the provisions of the law.

What’s more, government and state-based organizations and agencies that maintain personal records concerning residents within the state of Maryland are also responsible for submitting an annual report to the Maryland Secretary of General Services. This annual report must contain information including but not limited to:

• The specific name of the unit or instrumentality that maintains personal records.
• The name, location, and subdivisions for each set of personal records that are maintained.
• The categories of individuals to whom the data within the set of personal records apply.
• A brief description of the types of personal information that the records set contains.
• The source of information from which the set of personal records was obtained.
• The steps and procedures that the unit or instrumentality has taken to protect the information within the personal records from unauthorized use, access, modification, destruction, and disclosure.

What data elements are protected under the law?

Md. Gen. Prov. Code § 4-501 outlines several categories of personal information that may be contained in personal records that may pertain to citizens of the state that are legally protected under the law. To his point, some of the data elements concerning Maryland residents that are protected under the provisions of the law include:

• Physical addresses.
• Email addresses.
• Personal descriptions.
• Finger and voiceprints.
• Telephone numbers.
• Pictures.
• Social security numbers.
• Drivers licenses.
• Financial account numbers.
• Online log-in credentials.

Personal records and redaction

As government agencies within Maryland will undoubtedly be charged with maintaining and securing the personal records of thousands of residents across the state, ensuring that this information remains secure can prove to be extremely difficult. To this end, one method that can be used to safeguard personal data is automatic redaction software. By using such software, government agencies can ensure that the personal information of their citizenship is protected from harm or misuse, as these software programs allow users to render personal information inaccessible to the general public. In this way, government agencies within Maryland can prevent the personal data of Maryland residents from becoming compromised.

While many people within the U.S. think about personal privacy in the context of personal data they submit to other individuals when shopping online or making purchases, the personal information that American citizens provide to their local governments can also be used for nefarious purposes. As such, Md. Gen. Prov. Code § 4-501 protects the personal records of citizens within the state, ensuring that strict regulations are adhered to when the information contained within such records is collected, stored, or transmitted. In this way, residents within the state of Maryland can have the peace of mind that their information is being protected by their local governments and state-based institutions.