Mandated Timeframe for Breach Reporting and/or Consumer Notification

Without unreasonable delay
Laws related specifically to personal information
  • Breach Reporting & Consumer Notification
  • Protect Personal Information
  • Program for Protection/Security
  • Third Party: Specific Obligations
  • Third Party: Mandated Contracts
  • Employee Training
  • Data Disposal/Destruction
  • Risk Assessment
  • Requests for Information
Fines & Penalties

Violations of breach and notification laws from $500 to $2,500 daily

Regulation Levels
  • Breach Reporting
  • Consumer Notifications
  • Third Party Management
  • Data Protection
  • None to minimal
  • Basic Requirements
  • Comprehensive Requirements
  • Extensive Requirements
Quick Facts
  • Reporting to the consumer reporting agencies may be required with specific information.
  • Reporting may be delayed due to law enforcement investigation, but notification must be sent within 7 business days after the investigation is complete.
  • Maine has additional laws related to the protection, retention and disposal of personal data to prevent a breach.
  • Reporting to the State Attorney General or the Department of Professional and Financial Regulation may be required.
  • If vendor is breached, they must report it to the data owner.  The data owner will be responsible to complete the reporting and consumer notification.
  • If your breach affects residents in other states, you will need to notify those residents using that state’s rules.
Statutes and Laws
  • 1 ME Rev Stat § 551 Maine Consumer Credit Code (2001)

    8 ME Rev Stat § 1006 Gambling Control Board: Confidentiality of records and information (2005)

    9-B ME Rev Stat § 226 Financial Institutions: Confidential Financial Records (2007)

    10 ME Rev Stat § 1149-(A-C) Notice of Risk to Personal Data (2001)

    10 ME Rev Stat § 1272-B Protection of Social Security Numbers (2003)

    20-A ME Rev Stat § 6001 – § 6103 Student Records: Dissemination of Information (2015)

    22 ME Rev Stat § 1711-C Confidentiality of health care information (2011)

    22 ME Rev Stat § 4001 – § 4010 Child and Family Services and Child Protection Act: Record, Confidentiality, Disclosure (2015)

    22 ME Rev Stat § 4008 Records; confidentiality; disclosure (2015)

    24-A ME Rev Stat § 2201 – §2220 Insurance Information and Privacy Protection Act (1997)

BAck to map