Publications
February 6, 2012

What to do After a Data Breach: A Primer on Maine's Security Breach Law

Your company just discovered a security breach resulting in the disclosure of personal information concerning customers, vendors, employees, or other individuals.  What now? 

The purpose of this primer is to provide an introduction to what you need to know about notification requirements under Maine's Notice of Risk to Personal Data Act, 10 M.R.S. §§ 1346-1350-B (the "Act").

The essential purpose of the Notice of Risk to Personal Data Act is informational -- to ensure prompt notification to persons at risk of identity theft.  The Act prohibits use of personal information acquired through a security breach, imposes prompt notification requirements in the event of a security breach, provides for enforcement and penalties, and requires that law enforcement provide a police report in connection with any reported misuse of personal information. 

In the absence of a uniform federal law governing notice requirements in the event of a data breach, the states have enacted a patchwork of notice requirements.  At present 46 states plus the District of Columbia, Puerto Rico and the Virgin Islands (and New York City) have enacted security breach notification laws.  The holdouts are Alabama, Kentucky, New Mexico, and South Dakota.  Maine law applies to Maine residents.  Notification to residents of other states is governed by the law of the state of residence. 

The Act is a key part of the legal puzzle when it comes to notification of data breaches involving Maine residents, but it is not the whole story.  A response to a data breach by financial institutions involves federal law.  State law tort claims (e.g., negligence) and unfair trade practices acts at the state and federal level provide incentives to respond thoughtfully to security breaches.  Relevant contracts may also address data breach, confidentiality, or related requirements.  As in any risk management situation – data breaches are no exception – insurance should also be top of mind.

Download What to do after a Data Breach: A Primer on Maine's security breach law" for more information on:

  • How does the Act define a security breach?
  • Who is subject to the Act?
  • How is "personal information" defined?
  • Does the Act apply to paper records?
  • Do I have to investigate once I become aware of a security breach?
  • What triggers the duty to notify?
  • Who has to be notified?
  • Does Maine have a notification form?
  • What are the required contents of the notification?
  • How quickly do I have to notify?
  • Are there penalties for non-compliance with the Act?
  • Does the Act create a private right of action?

Questions?

For further information about security breach reporting requirements and related privacy or confidentiality issues, please contact Sig Schutz at Preti Flaherty's Portland, Maine office at [email protected] or 207-791-3000.  Sig and other attorneys at Preti Flaherty have advised numerous companies in responding to security breaches and the firm has served as defense counsel in security breach litigation.

Firm Highlights

Publication

Essential Business? Essential Activity? Clarification Here.

Effective at 12:01 a.m. on April 2nd, the Governor has ordered a statewide “stay at home” order further restricting Maine resident’s movement. Governor’s Executive Order No. 28 FY 19/20 dated March 31, 2020 (“Stay...

Press Coverage

Maine - Waterville Coronavirus Panel Illegally Met in Secret

A Waterville City Council coronavirus subcommittee formed in response to the outbreak has been accused of illegally meeting in secret, denying public access to its deliberations, and making unlawful decisions. Extended Coverage: Virus Concerns Lead to 'Public' Meetings Without...

Press Coverage

6th Circ. Says Auto Parts Co. Can't Arbitrate Price-Fixing Suit

On February 24, a three-judge panel of the Sixth Circuit Court of Appeals upheld a Michigan district court's January 2019 decision that KYB Corp. can't force a suit accusing it of conspiring with other auto parts...

Press Coverage

Maine State Police May Be Spying on You

Police and governments are increasingly turning to new tracking and monitoring methods in their efforts to prevent and record evidence of crimes. A Portland Press Herald investigation examines these expanding law enforcement abilities and the...

News

Preti Flaherty Welcomes Attorneys James W. Beers, Jr., and Alan E. Topalian to the Firm

Preti Flaherty is pleased to announce the arrival of two new attorneys: James W. Beers, Jr., and Alan E. Topalian. James joins the Environmental Practice Group as a Director and will work from the...

Publication

DOL Provides Guidance on Exemption from Paid Leave for Small Businesses

The FFCRA requires certain employers to provide paid sick leave and expanded FMLA benefits due to COVID-19 but provides that businesses with fewer than 50 employees may be exempt if the obligation would jeopardize...

News

Attorney Betsy E. Wakefield Joins Preti Flaherty’s Business Law Group

Preti Flaherty is pleased to announce that Betsy E. Wakefield has joined the firm. Betsy will practice with the Business Law Group from the firm’s Portland office, where she will be counseling banking and...

News

Preti Flaherty Attorney Tim Bryant Selected by Franchise Times as “Legal Eagle”

For the twelfth year in a row, Preti Flaherty attorney Tim Bryant has been recognized as a Franchise Times magazine “Legal Eagle.” Nominated by their peers, franchise attorneys chosen for this honor are considered among...

Publication

Preti Flaherty Announces its COVID-19 Financial Relief Evaluation and Selection Tool

This Analysis of COVID-19 Financial Advice is effective as of 5PM on Friday, April 3, 2020.  THE INFORMATION SET FORTH BELOW IS SUBJECT TO CHANGE as Treasury Guidelines and other authorities emerge from the...

Event

2020 Employment Law Series: A Legislative Update for HR Professionals

For more than 25 years, Preti Flaherty's Employment Law Group has been keeping clients, business partners, and friends up to date on recent developments in employment law. Join us as we continue that tradition...