Ask Reggi Your Question Now

Reggi is the free generative AI assistance for regulatory compliance

Can I use third-party HR tools that collect personal information in Maryland? What are the requirements?

October 18, 2023

Use of Third-Party HR Tools in Maryland

If you are using third-party HR tools that collect personal information in Maryland, you must comply with the Maryland Personal Information Protection Act (PIPA) ^[1.2]. PIPA requires businesses to implement reasonable security measures to protect personal information from unauthorized access, use, modification, or disclosure.

Under PIPA, personal information is defined as “an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when the name and data elements are not encrypted: (1) Social Security number; (2) driver’s license number; (3) financial account number, including a credit card number or debit card number; (4) passport number; (5) taxpayer identification number; (6) other information that can be used to identify an individual, such as biometric data, including a fingerprint, voice print, retina or iris image, or other unique physical representation.” ^[1.2]

Requirements for Third-Party HR Tools

If you are using third-party HR tools that collect personal information in Maryland, you must ensure that the tools comply with PIPA. This includes implementing reasonable security measures to protect personal information from unauthorized access, use, modification, or disclosure. Additionally, you must ensure that the tools are only collecting the minimum amount of personal information necessary for their intended purpose ^[1.2].

You should also review the terms of service and privacy policy of the third-party HR tools to ensure that they comply with PIPA and other applicable laws. If the tools are not compliant, you should consider finding alternative tools that are compliant ^[1.2].

Personal Information Protection Act (PIPA)

PIPA requires businesses to implement reasonable security measures to protect personal information from unauthorized access, use, modification, or disclosure ^[1.2]. Personal information is defined as “an individual’s first name or first initial and last name in combination with any one or more of the following data elements, when the name and data elements are not encrypted: (1) Social Security number; (2) driver’s license number; (3) financial account number, including a credit card number or debit card number; (4) passport number; (5) taxpayer identification number; (6) other information that can be used to identify an individual, such as biometric data, including a fingerprint, voice print, retina or iris image, or other unique physical representation.” ^[1.2]

Conclusion

If you are using third-party HR tools that collect personal information in Maryland, you must comply with the Maryland Personal Information Protection Act (PIPA) and implement reasonable security measures to protect personal information from unauthorized access, use, modification, or disclosure. You should also review the terms of service and privacy policy of the third-party HR tools to ensure that they comply with PIPA and other applicable laws.

Source(s):

[1.2] Protection, Use, and Release of Personal Information.

Jurisdiction

Maryland

Privacy