Not Found

The requested URL index.php was not found on this server.

Apache/2.2.22 (Linux) Server at Port 80
1 Maine Data Privacy Regulations Overview | CSR Privacy Solutions

Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Vendor Specific Obligations
  • Vendor Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws:
- $500 to $2,500 daily

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Vendor Management
  • Data Protection
Level Description
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Reporting to the consumer reporting agencies may be required with specific information.
  • Reporting may be delayed due to law enforcement investigation, but notification must be sent within 7 business days after the investigation is complete.
  • Maine has additional laws related to the protection, retention and disposal of personal data to prevent a breach.
  • Reporting to the State Attorney General or the Department of Professional and Financial Regulation may be required.
  • If a vendor is breached, they must report it to the data owner.  The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • 1 ME Rev Stat § 551 Maine Consumer Credit Code

    8 ME Rev Stat § 1006 Gambling Control Board: Confidentiality of records and information

    9-B ME Rev Stat § 226 Financial Institutions: Confidential Financial Records

    10 ME Rev Stat § 1149-(A-C) Notice of Risk to Personal Data

    10 ME Rev Stat § 1272-B Protection of Social Security Numbers

    20-A ME Rev Stat § 6001 – § 6103 Student Records: Dissemination of Information

    22 ME Rev Stat § 1711-C Confidentiality of health care information

    22 ME Rev Stat § 4001 – § 4010 Child and Family Services and Child Protection Act: Record, Confidentiality, Disclosure

    22 ME Rev Stat § 4008 Records; confidentiality; disclosure

    24-A ME Rev Stat § 2201 – §2220 Insurance Information and Privacy Protection Act

BAck to map