Can I ignore my obligations as a service provider with access to personal information in Maryland? What are the requirements?

Obligations of Service Providers with Access to Personal Information in Maryland

As a service provider with access to personal information in Maryland, you have certain obligations that you cannot ignore. The Maryland Code of Regulations (MDCR) provides guidelines for the protection of nonpublic personal financial information.

Under MDCR 31.16.08.14, service providers are allowed to disclose nonpublic personal financial information to nonaffiliated third parties to perform services for the licensee or functions on the licensee’s behalf, provided that the licensee provides the initial notice in accordance with Regulation .05 of this chapter and enters into a contractual agreement with the third party that prohibits the third party from disclosing or using the information other than to carry out the purposes for which the licensee disclosed the information.

Therefore, as a service provider, you must provide an initial notice to the individuals whose information you are handling, and you must enter into a contractual agreement with any third party to whom you disclose the information. The agreement must prohibit the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information.

Requirements for Service Providers with Access to Personal Information in Maryland

As a service provider with access to personal information in Maryland, you must comply with the following requirements:

• Provide an initial notice to the individuals whose information you are handling in accordance with Regulation .05 of MDCR 31.16.08.14.
• Enter into a contractual agreement with any third party to whom you disclose the information that prohibits the third party from disclosing or using the information other than to carry out the purposes for which you disclosed the information.

Failure to comply with these requirements may result in penalties and legal action.

^[1.1] provides the exception to opt-out requirements for disclosure of nonpublic personal financial information for service providers and joint marketing. The other documents do not provide relevant information to answer the user’s query.

Therefore, to answer your question, you cannot ignore your obligations as a service provider with access to personal information in Maryland. You must provide an initial notice to the individuals whose information you are handling and enter into a contractual agreement with any third party to whom you disclose the information.

Source(s):

• [1.1] Exception to Opt Out Requirements for Disclosure of Nonpublic Personal Financial Information for Service Providers and Joint Marketing.

Jurisdiction

Maryland

• Privacy