February 6, 2012

What to do After a Data Breach: A Primer on Maine's Security Breach Law

Your company just discovered a security breach resulting in the disclosure of personal information concerning customers, vendors, employees, or other individuals.  What now? 

The purpose of this primer is to provide an introduction to what you need to know about notification requirements under Maine's Notice of Risk to Personal Data Act, 10 M.R.S. §§ 1346-1350-B (the "Act").

The essential purpose of the Notice of Risk to Personal Data Act is informational -- to ensure prompt notification to persons at risk of identity theft.  The Act prohibits use of personal information acquired through a security breach, imposes prompt notification requirements in the event of a security breach, provides for enforcement and penalties, and requires that law enforcement provide a police report in connection with any reported misuse of personal information. 

In the absence of a uniform federal law governing notice requirements in the event of a data breach, the states have enacted a patchwork of notice requirements.  At present 46 states plus the District of Columbia, Puerto Rico and the Virgin Islands (and New York City) have enacted security breach notification laws.  The holdouts are Alabama, Kentucky, New Mexico, and South Dakota.  Maine law applies to Maine residents.  Notification to residents of other states is governed by the law of the state of residence. 

The Act is a key part of the legal puzzle when it comes to notification of data breaches involving Maine residents, but it is not the whole story.  A response to a data breach by financial institutions involves federal law.  State law tort claims (e.g., negligence) and unfair trade practices acts at the state and federal level provide incentives to respond thoughtfully to security breaches.  Relevant contracts may also address data breach, confidentiality, or related requirements.  As in any risk management situation – data breaches are no exception – insurance should also be top of mind.

Download What to do after a Data Breach: A Primer on Maine's security breach law" for more information on:

  • How does the Act define a security breach?
  • Who is subject to the Act?
  • How is "personal information" defined?
  • Does the Act apply to paper records?
  • Do I have to investigate once I become aware of a security breach?
  • What triggers the duty to notify?
  • Who has to be notified?
  • Does Maine have a notification form?
  • What are the required contents of the notification?
  • How quickly do I have to notify?
  • Are there penalties for non-compliance with the Act?
  • Does the Act create a private right of action?

Questions?

For further information about security breach reporting requirements and related privacy or confidentiality issues, please contact Sig Schutz at Preti Flaherty's Portland, Maine office at [email protected] or 207-791-3000.  Sig and other attorneys at Preti Flaherty have advised numerous companies in responding to security breaches and the firm has served as defense counsel in security breach litigation.

Firm Highlights

News

Preti Flaherty Welcomes Intellectual Property Attorney Eric C. Osterberg to the Firm

Preti Flaherty is pleased to announce that attorney Eric C. Osterberg has joined the firm’s Intellectual Property Practice Group as a Director, working from the Boston office. Eric brings more than 30 years of...

News

Preti Flaherty Welcomes Attorneys Michelle Amidzich Fritz and Kat Mail to the Firm

Preti Flaherty is pleased to announce the arrival of attorneys Michelle Amidzich Fritz and Kat Mail. Michelle Amidizich Fritz joins the firm’s Environmental Practice Group in the Boston office. She is a graduate of...

News

Preti Flaherty Whistleblower Client Assists Department of Justice in Recovering $345 Million

For more information, please see the  Press Release .

News

Preti Flaherty Welcomes Employment Law Attorney Brooke K. Haley to the Firm

Preti Flaherty is pleased to announce that attorney Brooke K. Haley has joined the firm’s Employment Law Practice Group as a Partner. Brooke will work primarily from the firm’s Portland office. Brooke’s practice centers...

Publication

Schutz and Harriman Author Article for MLRC on Mill's Veto of Constitutionally Fraught Legislation

In an article for the Media Law Resource Center's July 2023 Media Law Letter,  Preti Flaherty attorneys Sig Schutz and Alex Harriman explore Gov. Janet Mills' recent veto of L.D. 1610, “An Act to Prohibit Campaign Spending...

Event

Sigmund Schutz to moderate panel at 36th Annual Media and the Law Seminar: Under Attack! Existential Threats to Journalism and Free Speech

From unlawful searches and seizures of newsrooms and highly contentious litigation to physical harassment and calls for violence online, journalists and news organizations are under attack like never before. At the 36 th Annual...

News

Preti Flaherty Ranked Among Best Lawyers 2024 Best Law Firms

Best Lawyers has ranked Preti Flaherty among the Best Law Firms for 2024. To be eligible for ranking, a law firm must have at least one attorney named in the 2024 Best Lawyers in...