Can I use third-party project management tools that collect personal information in Maryland? What are the requirements?

Use of Third-Party Project Management Tools in Maryland

If you are using third-party project management tools that collect personal information in Maryland, you must comply with the Maryland Data Privacy Protection Act (DPPA) ^[6.1]. The DPPA requires businesses to implement reasonable security measures to protect personal information from unauthorized access, use, or disclosure.

Additionally, if you are a public-sector or private-sector program accessing the Department of Human Services’ information support system, you must comply with the security requirements outlined in MDCR 16.03.05.02 ^[6.2]. Links among computer systems must comply with all federal and state requirements and be designed to prevent unauthorized access to confidential records.

It is important to note that the use of third-party project management tools may also be subject to other Maryland regulations, depending on the nature of the personal information being collected and how it is being used. Therefore, it is recommended that you consult with a legal professional to ensure compliance with all applicable laws and regulations.

Source(s):

• [6.1] 16.03.05.00
• [6.2] Database Access.

Jurisdiction

Maryland

• Privacy