Description
Enforcement begins for MODPA. Notably stricter than most state privacy laws: requires data minimization (only collect data reasonably necessary), prohibits sale of sensitive data outright regardless of consent, and requires data protection assessments for high-risk processing.
Requirements
- Implement strict data minimization practices
- Cease sale of sensitive data regardless of consent
- Conduct data protection assessments for high-risk processing
- Update data collection practices to necessary-only standard
- Review and update privacy notices for MODPA compliance
Applicable To
Organizations processing data of 35K+ Maryland consumersData-selling businesses targeting 10K+ Maryland consumers
Penalty Information
âš Civil penalties up to $10,000 for first violation, $25,000 for subsequent violations. 60-day cure period. Enforced by Maryland Attorney General.