Can I store personal information about my customers in Maine? What are the requirements?

Based on the documents provided, there are several laws and regulations in Maine that govern the storage and use of personal information. Here are the requirements you need to consider:

Storing Personal Information

• It is a violation of Maine law for an unauthorized person to release or use an individual’s personal information acquired through a security breach ^[1.1].
• A person may not sell or disclose any customer proprietary network information relating to the wireless telephone service account of any wireless telephone service customer or user in Maine or any other customer proprietary information of any wireless telephone service customer or user in Maine ^[3.1].
• Each public entity that has a publicly accessible site on the Internet associated with it shall develop a policy regarding its practices relating to personal information and shall post notice of those practices on its publicly accessible site on the Internet ^[4.1].
• “Personal information” means information about a natural person that readily identifies that specific person ^[4.2].
• A record maintained by any public library, as defined in section 110, subsection 10, the Maine State Library, the Law and Legislative Reference Library or a library of the University of Maine System, the Maine Community College System or the Maine Maritime Academy is confidential if the record contains a library patron’s personally identifying information, including but not limited to the library patron’s name, address, phone number and e-mail address ^[5.1].
• “Breach of the security of the system” or “security breach” means unauthorized acquisition, release or use of an individual’s computerized data that includes personal information that compromises the security, confidentiality or integrity of personal information of the individual maintained by a person ^[1.2].
• A provider may not use, disclose, sell or permit access to customer personal information, except as provided in subsections 3 and 4, Title 16, chapter 3, subchapters 10 and 11 and 18 United States Code, Section 2703 ^[2.1].

Requirements for Storing Personal Information

• Personal information must be protected from misuse or unauthorized access ^[4.1].
• A policy regarding practices relating to personal information must be developed and posted on the publicly accessible site on the Internet ^[4.1].
• A record designated confidential may be released only with the express written permission of the library patron involved; to officers, employees, volunteers and agents of the library to the extent necessary for library administrative purposes; or as the result of a court order ^[5.1].
• Good faith acquisition, release or use of personal information by an employee or agent of a person on behalf of the person is not a breach of the security of the system if the personal information is not used for or subject to further unauthorized disclosure to another person ^[1.2].
• A provider shall take reasonable measures to protect customer personal information from unauthorized use, disclosure or access ^[2.1].
• A provider shall provide to each of the provider’s customers a clear, conspicuous and nondeceptive notice at the point of sale and on the provider’s publicly accessible website of the provider’s obligations and a customer’s rights under this section ^[2.1].

Based on the documents provided, it is clear that Maine has strict laws and regulations regarding the storage and use of personal information. To ensure compliance, it is recommended that you develop a policy regarding practices relating to personal information and post it on your publicly accessible site on the Internet. Additionally, you must protect personal information from misuse or unauthorized access. If you are a provider of broadband Internet access service, you may not use, disclose, sell or permit access to customer personal information, except as provided in subsections 3 and 4, Title 16, chapter 3, subchapters 10 and 11 and 18 United States Code, Section 2703. You must also take reasonable measures to protect customer personal information from unauthorized use, disclosure or access and provide a clear, conspicuous and nondeceptive notice at the point of sale and on your publicly accessible website of your obligations and a customer’s rights under this section.

Source(s):

• [1.1] Release or use of personal information prohibited
• [2.1] Privacy of broadband Internet access service customer personal information
• [3.1] Sale or disclosure of customer proprietary network information
• [4.1] Notice of information practices
• [4.2] Definitions
• [5.1] Confidentiality of library records
• [1.2] Definitions

Jurisdiction

Maine

• Privacy