Maryland Data Privacy: A Plain-Language Overview
No comprehensive consumer privacy law (as of 2026)
Status: No broad consumer privacy statute is in effect; businesses must comply with sector-specific laws and general consumer protection standards.
Maryland does not have a single, comprehensive law regulating the collection and sale of all personal data. Instead, the state relies on the Maryland Consumer Protection Act to prohibit deceptive trade practices, alongside specific statutes that strictly regulate Internet Service Providers (ISPs) and certain types of sensitive consumer data. Businesses operating in Maryland must navigate these targeted rules rather than a unified privacy framework.
Rights residents generally have
- limits on the use of sensitive data by ISPs
- right to take legal action for identity theft
- protection from deceptive data practices
Who it generally applies to
General consumer protection rules apply broadly to all businesses operating in Maryland; the specific ISP data usage restrictions apply to entities providing internet access services.
What this means for B2B outreach
The general consumer protection statute typically does not apply to B2B transactions. However, strict industry-specific requirements, such as the Maryland Broker Notice of Records Search Act, may mandate disclosure of data breaches involving business or professional records.
Authoritative source: Maryland Office of the Attorney General. Always confirm current requirements there.
Marketing that respects privacy by design
We run permission-based, compliance-minded campaigns with real opt-out handling.
Talk to us