Support Centre



Law: Please note this State does not have a general privacy law in effect, you can visit USA State Law Tracker to monitor the progress of US State bills.

Regulator: The Maryland Attorney General ('AG')

Summary: In recent years, several privacy-related laws have been introduced or passed in Maryland, while others have also not been successful. While general privacy legislation is awaited, breach requirements and the security of personal data is regulated by the Act Concerning the Maryland Personal Information Protection Act – Security Breach Notification Requirements – Modifications ('the Data Breach Notification Law'), which was signed into law on 19 April 2019 and entered into effect on 1 October 2019. The Data Breach Notification Law requires, among other things, any business that owns or licences, or maintains computerised data that includes personal information of an individual residing in Maryland to notify affected individuals of a data breach.


On 29 May 2022, House Bill 866 for the Genetic Information Privacy Act was enacted without the Governor's signature. The Act applies to direct-to-consumer genetic testing companies that collect genetic information from residents of the State of Maryland and will  go into effect on 1 October 2022. In this article, OneTrust DataGuidance highlights key provisions of the Act, in particular on its scope, key definitions, business obligations, and enforcement provisions.