Maine Privacy Law Attorneys

Maine Privacy Law Overview

Maine does not yet have a comprehensive consumer privacy law, but it has one of the strongest broadband-privacy laws in the country, requiring internet service providers to obtain opt-in consent before using or selling customer data. A comprehensive privacy bill has advanced further in Maine than in most non-comprehensive states.

Sector-Specific Privacy Laws in Maine

Act to Protect the Privacy of Online Consumer Information

Maine's broadband-privacy law requires internet service providers to obtain express, opt-in consent before using, disclosing, or selling a customer's personal information — a stricter standard than the FCC framework it replaced. It is among the toughest ISP-privacy laws in the nation.

Data Breach Notification in Maine

Maine's data-breach notification law requires businesses to notify affected residents when unencrypted personal information is acquired by an unauthorized person.

• Deadline to notify residents: No later than 30 days after becoming aware of the breach
• Attorney General notice: Notify the Maine Attorney General for breaches affecting residents
• Covered data: Name combined with sensitive identifiers (SSN, driver's license, financial-account or medical information, and more)

Pending Privacy Legislation

A comprehensive consumer-privacy bill (LD 1822) has passed both chambers and is in reconciliation, making Maine one of the states most likely to enact a comprehensive law next. Businesses should monitor its progress closely.

Federal Privacy Laws That Apply in Maine

Even where Maine law is silent, residents and businesses are covered by federal privacy statutes:

• HIPAA — health information held by providers, plans and their vendors
• GLBA — privacy and safeguards rules for financial institutions
• FERPA — student education records
• FCRA — consumer reporting agencies and background screening
• COPPA — online collection of data from children under 13
• FTC Act §5 — unfair or deceptive privacy and data-security practices

Industry-Specific Privacy Requirements in Maine

Many Maine businesses face privacy obligations that flow from their industry rather than from a single state statute:

Healthcare

Providers, health plans and their vendors must comply with HIPAA and with any state medical-confidentiality rules when handling patient information in Maine.

Financial Services

Banks, credit unions, lenders and insurers are subject to the Gramm-Leach-Bliley Act privacy and safeguards rules in addition to Maine consumer-protection requirements.

Technology & Online Services

Companies serving users in other states may owe duties under California's CCPA/CPRA and other comprehensive laws even while Maine itself has none — making multi-state compliance the practical reality for most online businesses.

Retail

Retailers handling payment-card data must meet PCI DSS contractual standards and Maine's breach-notification law if customer information is exposed.

Where to File a Privacy Complaint in Maine

Maine residents who believe a business has mishandled their personal information can file a complaint with the Maine Attorney General, which enforces the state's consumer-protection and data-breach laws. Complaints involving federally regulated data — health, financial, credit or children's information — can also be directed to the Federal Trade Commission or the relevant federal regulator. An attorney can help you assess whether you have a claim and choose the best venue to pursue it.

Maine Privacy Law FAQ

How a Maine Privacy Attorney Can Help