Can I use third-party file sharing tools that collect personal information in Maine? What are the requirements?

Third-Party File Sharing Tools and Personal Information Collection in Maine

Based on the context documents, Maine has strict laws regarding the collection and dissemination of personal information.

If the personal information being collected includes library patron’s personally identifying information or information that identifies a library patron as having requested, obtained or used books or other materials in any medium at the library or provided by the library, then the record is confidential and can only be released with the express written permission of the library patron involved, to officers, employees, volunteers and agents of the library to the extent necessary for library administrative purposes, or as the result of a court order ^[5.1].

If the personal information being collected is not covered by the confidentiality requirements of ^[5.1], then the third-party file sharing tool must comply with the Security Breach Notice Requirements outlined in 10 MERS Section 1348. If the third-party file sharing tool maintains computerized data that includes personal information and becomes aware of a breach of the security of the system, the third-party file sharing tool shall conduct in good faith a reasonable and prompt investigation to determine the likelihood that personal information has been or will be misused and shall give notice of a breach of the security of the system following discovery or notification of the security breach to a resident of this State whose personal information has been, or is reasonably believed to have been, acquired by an unauthorized person ^[2.2].

Moreover, Maine has strict laws regarding the collection, use, and disclosure of customer personal information by providers of broadband Internet access service. A provider may not use, disclose, sell or permit access to customer personal information, except as provided in subsections 3 and 4, Title 16, chapter 3, subchapters 10 and 11 and 18 United States Code, Section 2703 ^[3.1].

In summary, if the third-party file sharing tool collects personal information covered by the confidentiality requirements of ^[5.1], then it can only be released with the express written permission of the library patron involved, to officers, employees, volunteers and agents of the library to the extent necessary for library administrative purposes, or as the result of a court order. If the personal information being collected is not covered by the confidentiality requirements of ^[5.1], then the third-party file sharing tool must comply with the Security Breach Notice Requirements outlined in 10 MERS Section 1348. Additionally, providers of broadband Internet access service in Maine are prohibited from using, disclosing, selling, or permitting access to customer personal information, except as provided in the law ^[3.1].

Source(s):

• [3.1] Privacy of broadband Internet access service customer personal information
• [5.1] Confidentiality of library records
• [2.2] Security breach notice requirements

Jurisdiction

Maine

• Privacy