Introduction to Maryland Privacy Rights
Maryland has established itself as a progressive state in privacy protection, implementing robust laws that often exceed federal baseline requirements. As a resident of Maryland or someone whose personal information is held by Maryland-based entities, you benefit from a comprehensive framework of privacy statutes that govern how government agencies, employers, businesses, and healthcare providers collect, use, and disclose your personal information.
The Free State's approach to privacy protection is multifaceted, addressing consumer data privacy, medical information, employment records, educational data, and government transparency. Maryland's privacy landscape includes the Maryland Public Information Act (MPIA), one of the nation's stronger open records laws, alongside specific statutes governing data breach notifications, personal information protection, and biometric data collection. Maryland also enacted the Maryland Online Data Privacy Act in recent legislative sessions, reflecting the state's commitment to keeping pace with evolving digital privacy concerns.
Compared to other states, Maryland ranks among the more privacy-protective jurisdictions in the United States. While states like California, Virginia, and Colorado have recently enacted comprehensive consumer data privacy laws, Maryland has built privacy protections incrementally through targeted legislation addressing specific concerns. The state's data breach notification law, codified in Maryland Commercial Law Code § 14-3504, was among the earlier state breach notification statutes. Maryland also pioneered protections for genetic information and biometric data before such regulations became widespread. The Maryland Personal Information Protection Act provides stronger safeguards than many neighboring states, and Maryland's restrictions on employer use of social media credentials and credit reports demonstrate a legislative commitment to balancing business interests with individual privacy rights.
Maryland's State Privacy Laws
Maryland has enacted numerous statutes creating a patchwork of privacy protections that collectively provide significant safeguards for residents. Understanding these specific laws helps you exercise your rights effectively.
Maryland Personal Information Protection Act
Under Maryland Commercial Law Code § 14-3501 through § 14-3508, businesses that own or license computerized data containing personal information about Maryland residents must implement and maintain reasonable security procedures and practices. "Personal information" is defined as an individual's first name or first initial and last name in combination with a Social Security number, driver's license number, financial account number, or credit/debit card number. This Act requires businesses to safeguard this information and mandates specific breach notification procedures discussed later in this article.
Data Breach Notification Law
Maryland Commercial Law Code § 14-3504 establishes one of the nation's more stringent data breach notification requirements. Any business that maintains computerized data containing personal information about Maryland residents must notify affected individuals "without unreasonable delay" after discovering a breach. The law does not specify an exact number of days, but Maryland Attorney General guidance indicates notification should occur as expeditiously as possible and without unreasonable delay, typically interpreted as within a few days to two weeks maximum once the breach is confirmed. Businesses must also notify the Maryland Attorney General's Office if the breach affects 1,000 or more Maryland residents.
Maryland Online Consumer Protection Act
Maryland Commercial Law Code § 13-301 through § 13-323 addresses unfair, abusive, or deceptive trade practices in online commerce, providing consumer protections against fraudulent data collection and misuse. The Act empowers the Maryland Attorney General to investigate and prosecute businesses that engage in deceptive practices involving consumer data.
Social Media Privacy Laws
Maryland was among the first states to restrict employer access to employee and applicant social media accounts. Under Maryland Labor and Employment Code § 3-712, employers cannot request or require employees or applicants to disclose usernames, passwords, or other authentication information for accessing personal social media accounts. Employers also cannot require individuals to add the employer to their social media contact lists or access personal accounts in the employer's presence. Educational institutions face similar restrictions under Maryland Education Code § 26-405.
Employee Credit Report Restrictions
Maryland Labor and Employment Code § 3-711 significantly limits employer use of consumer credit reports in employment decisions. Employers generally cannot require or request credit reports for employment purposes unless the information is substantially job-related and the employer's request is disclosed to the employee or applicant in writing. Specific exemptions exist for positions involving financial responsibilities, security clearances, or law enforcement.
Genetic Information Privacy
Maryland Health-General Code § 4-301 through § 4-304 provides strong protections for genetic information. The statute prohibits discrimination based on genetic information and restricts collection and disclosure of genetic test results. Health insurance providers cannot request genetic testing or use genetic information to determine coverage or rates.
Biometric Data Collection
While Maryland does not have a comprehensive biometric privacy statute like Illinois' Biometric Information Privacy Act, Maryland Commercial Law Code § 14-3401 addresses commercial use of biometric data. The statute requires businesses collecting biometric information (fingerprints, facial scans, retinal scans, voice prints) to provide notice to consumers and obtain written consent before collection. Businesses must also publish retention and destruction policies for biometric data.
Financial Privacy
Beyond federal protections under the Gramm-Leach-Bliley Act, Maryland Financial Institutions Code § 1-301 through § 1-304 provides state-level privacy protections for financial information. Financial institutions operating in Maryland must provide annual privacy notices and allow consumers to opt out of certain information-sharing practices.
Freedom of Information / Open Records in Maryland
Maryland's public records law, the Maryland Public Information Act (MPIA), is codified in Maryland General Provisions Code § 4-101 through § 4-601. The MPIA establishes a presumption that government records are open to public inspection, reflecting Maryland's constitutional commitment to government transparency.
What the MPIA Covers
The MPIA grants any person the right to inspect and copy public records held by Maryland state agencies, local governments, and public school systems. "Public record" is broadly defined to include any documentary material made or received by a government unit in connection with public business, regardless of physical form or characteristics. This includes paper documents, electronic files, emails, text messages, photographs, and audio/video recordings.
How to Request Records
To request records under the MPIA, submit a written request to the custodian of records for the specific agency holding the information. Your request should reasonably describe the records sought with sufficient specificity to enable the agency to locate them. You do not need to explain why you want the records or demonstrate any particular interest. The request can be submitted by mail, email, fax, or in person, depending on the agency's procedures.
Response Time Requirements
Maryland law requires agencies to respond to MPIA requests within 30 days. The agency must either produce the requested records, deny the request with a written explanation citing specific legal authority, or notify you that additional time is needed (up to an additional 30 days with justification). If the agency fails to respond within these timeframes, you may pursue administrative or judicial remedies.
Fee Schedules
Agencies may charge reasonable fees for searching, preparing, and copying records. Maryland Code of Maryland Regulations (COMAR) 05.01.02.06 establishes that copying fees cannot exceed $0.36 per page for standard letter or legal-sized documents. For electronic records, agencies may charge the actual cost of the medium (such as a CD or flash drive) plus reasonable staff time for programming or formatting if the request requires more than two hours of work. The first two hours of staff time for electronic records must be provided free of charge. Agencies may require prepayment if estimated fees exceed $25.
Exemptions Specific to Maryland
The MPIA contains numerous mandatory and discretionary exemptions. Mandatory exemptions include records specifically made confidential by other statutes, attorney-client privileged communications, and trial preparation materials. Discretionary exemptions allow agencies to withhold personnel records, investigatory records related to ongoing law enforcement investigations, and records whose disclosure would constitute an unwarranted invasion of personal privacy. Maryland General Provisions Code § 4-330 specifically protects personal privacy by exempting home addresses, telephone numbers, email addresses, and Social Security numbers from disclosure. Medical records, psychological evaluations, and financial account information are also exempt under § 4-329 and § 4-335.
Appeals Process
If an agency denies your request, you have two avenues for appeal. First, you may file a complaint with the Maryland Public Information Act Compliance Board, an independent administrative body that reviews disputes and issues advisory opinions. The Compliance Board does not have enforcement power but provides a cost-free dispute resolution mechanism. Alternatively, you may file a petition for judicial review in the circuit court where the records are located. Under Maryland General Provisions Code § 4-362, if you substantially prevail in court, you may recover reasonable attorney's fees and costs. Courts expedite MPIA cases and must hear them within 30 days.
HIPAA and Health Privacy
The federal Health Insurance Portability and Accountability Act (HIPAA) establishes baseline protections for medical information nationwide, but Maryland provides additional health privacy safeguards that often exceed federal requirements.
HIPAA Application in Maryland
HIPAA applies to "covered entities" including healthcare providers, health plans, and healthcare clearinghouses operating in Maryland. These entities must comply with the HIPAA Privacy Rule (45 C.F.R. Part 160 and Part 164), which restricts how protected health information (PHI) can be used and disclosed. Patients have rights to access their medical records, request corrections, receive an accounting of disclosures, and file complaints about privacy violations. Maryland residents can file HIPAA complaints with the U.S. Department of Health and Human Services Office for Civil Rights.
Maryland Health Information Privacy Protections
Maryland law provides additional protections beyond HIPAA. Maryland Health-General Code § 4-301 through § 4-309 governs confidentiality of medical records and specifically addresses sensitive health information. Maryland requires express written authorization for disclosure of mental health records, substance abuse treatment records, HIV/AIDS test results, and genetic information. These requirements are more restrictive than HIPAA's general standards.
Maryland Courts and Judicial Proceedings Code § 9-109 establishes the physician-patient privilege, preventing healthcare providers from disclosing patient communications without consent except in limited circumstances. This privilege applies in legal proceedings and provides stronger protections than HIPAA in certain contexts.
Protecting Your Medical Records
To protect your medical privacy in Maryland, request a copy of your healthcare provider's Notice of Privacy Practices and understand how your information may be used. You can request restrictions on certain disclosures, though providers are not required to agree except in specific situations. Consider requesting an accounting of disclosures to monitor who has accessed your records. If you believe your medical privacy has been violated, file a complaint with both the federal Office for Civil Rights and the Maryland Board of Physicians or appropriate state licensing board. Maryland Health Occupations Code provisions governing specific health professions include disciplinary measures for privacy violations.
Consumer Data Privacy Rights
While Maryland has not enacted a comprehensive consumer data privacy law comparable to California's Consumer Privacy Act, Maryland residents possess significant rights regarding personal data collection, use, and sharing through various federal and state statutes.
Data Collection and Use Rights
Under Maryland Commercial Law Code § 14-1301 through § 14-1318, commercial entities must provide notice before collecting personal information and must implement reasonable security measures. Maryland consumers have the right to know what categories of personal information businesses collect, though Maryland law does not currently mandate comprehensive disclosure upon consumer request as some other state laws do. The Maryland Attorney General actively enforces consumer protection laws against businesses engaged in unfair data practices.
Opt-Out Rights
Maryland residents have specific opt-out rights in certain contexts. Financial institutions must honor opt-out requests regarding information sharing under federal Gramm-Leach-Bliley Act provisions as implemented through Maryland law. For marketing communications, the federal CAN-SPAM Act and Telephone Consumer Protection Act provide opt-out mechanisms that apply to Maryland residents. Maryland also participates in the National Do Not Call Registry, and Maryland Commercial Law Code § 14-2201 through § 14-2207 establishes additional state-level telemarketing restrictions.
Removing Information from Data Brokers
Data broker websites aggregate personal information from public records and commercial sources. While Maryland law does not specifically regulate data brokers, you can request removal of your information from major data broker sites. Key sites to address include Spokeo, WhitePages, BeenVerified, Intelius, PeopleFinder, and Radaris. Each site maintains its own opt-out process, typically accessible through privacy or opt-out pages on their websites. The process usually requires submitting your name, address, and sometimes verifying your identity. Be aware that removal may take several weeks, and information may reappear if the broker re-scrapes public databases.
Credit Report Rights
The federal Fair Credit Reporting Act (FCRA) provides Maryland residents with important rights regarding credit reports. You are entitled to one free credit report annually from each of the three major credit bureaus (Equifax, Experian, and TransUnion) through AnnualCreditReport.com. You have the right to dispute inaccurate information, and bureaus must investigate within 30 days. Under Maryland Commercial Law Code § 14-1201 through § 14-1218, security freeze provisions allow Maryland residents to restrict access to their credit reports, preventing identity thieves from opening new accounts. Maryland law permits free security freezes, and credit bureaus must implement freezes within one business day of an electronic or telephone request, or three business days for written requests. Maryland also allows fraud alerts and extended fraud alerts for identity theft victims.
Maryland Consumer Protection Division
The Maryland Attorney General's Consumer Protection Division enforces consumer privacy rights and investigates complaints about unfair data practices. Maryland residents can file complaints online or by contacting the Division at 200 St. Paul Place, Baltimore, MD 21202, or calling 410-528-8662 (toll-free at 888-743-0023).
Employment Background Checks & Privacy
Maryland has enacted some of the nation's most employee-friendly background check restrictions, significantly limiting what employers can consider in hiring decisions and how they can use criminal history information.
Criminal Background Check Restrictions
Maryland Labor and Employment Code § 3-710 prohibits employers from inquiring about an applicant's criminal history on initial employment applications. This "ban-the-box" law applies to all Maryland employers with at least one employee. Employers cannot ask about criminal history until the first in-person or telephone interview, or before a conditional offer of employment, depending on the position. Once permitted to inquire, employers still face restrictions: they cannot ask about expunged or sealed records, charges that did not result in conviction, or convictions that have been dismissed or for which probation was completed.
What Employers Can and Cannot Access
Maryland Criminal Procedure Code § 10-109 limits use of criminal records in employment decisions. Employers generally cannot require applicants to disclose expunged records or refuse employment based solely on an arrest not leading to conviction. However, employers can conduct criminal background checks after the initial application stage, and certain industries (healthcare, childcare, education, financial services) have specific requirements or exemptions.
For credit checks, Maryland Labor and Employment Code § 3-711 prohibits most employers from using credit reports unless the position involves specific financial responsibilities, security clearances, or management of assets over $10,000. This restriction significantly limits employer access to financial information.
How Long Criminal Records Remain Accessible
Criminal records in Maryland remain indefinitely accessible through the Maryland Judiciary Case Search system unless expunged or sealed. However, access restrictions vary by record type. Convictions remain permanently unless pardoned or expunged through specific statutory procedures. Charges resulting in acquittal, dismissal, or nolle prosequi may be eligible for immediate expungement. Maryland Criminal Procedure Code § 10-105 through § 10-110 governs expungement eligibility and procedures.
Expungement and Record Shielding
Maryland law provides several mechanisms to limit criminal record accessibility. Expungement completely removes records from public access and court files. Maryland Criminal Procedure Code § 10-105 allows expungement of charges not resulting in conviction, including acquittals, dismissals, and nolle prosequi dispositions. Certain convictions also qualify for expungement after waiting periods: three years for most misdemeanors, and ten years for some nuisance crimes. Defendants who successfully complete probation before judgment may petition for expungement three years after the disposition.
Maryland also offers "shielding" for certain convictions that cannot be fully expunged. Shielded records remain in court files but are not publicly accessible through the Judiciary Case Search or disclosed on most background checks. Maryland Criminal Procedure Code § 10-301 through § 10-306 establishes shielding procedures for eligible convictions after specified waiting periods.
Disputing Inaccurate Records
If employment background checks contain inaccurate information, you have several remedies. For criminal records, contact the Maryland Judiciary Records Division at 410-260-1430 to request corrections. For credit report errors, dispute directly with the credit bureau under FCRA procedures. For background check errors, the federal Fair Credit Reporting Act requires consumer reporting agencies to investigate disputes within 30 days. Send written disputes to the background check company and the information furnisher, including documentation supporting your claim. Maryland consumers can also file complaints with the Maryland Consumer Protection Division if background check companies violate state consumer protection laws.
Protecting Yourself in Maryland
Taking proactive steps to protect your privacy in Maryland involves multiple strategies addressing different types of personal information exposure.
Step 1: Opt Out of People-Search Sites
Begin with major data broker websites. For Spokeo, visit spokeo.com/optout, search for your listing, copy the URL, and submit the opt-out form. For WhitePages, go to whitepages.com/suppression-requests, find your listing, and follow the verification process. BeenVerified requires visiting beenverified.com/app/optout/search, locating your profile, and submitting removal requests. Intelius opt-out is at intelius.com/optout, PeopleFinder at peoplefinder.com/opt-out, and Radaris at radaris.com/control/privacy. Document each request and check back periodically, as information may reappear.
Step 2: Implement Credit Freezes
Contact all three major credit bureaus to place security freezes. For Equifax, visit equifax.com/personal/credit-report-services/credit-freeze or call 800-349-9960. For Experian, go to experian.com/freeze/center.html or call 888-397-3742. For TransUnion, visit transunion.com/credit-freeze or call 888-909-8872. Maryland law requires free freezes, and implementation within one business day for online/phone requests. Save your PIN or password for each bureau, as you'll need it to temporarily lift freezes when applying for credit. Consider also freezing reports at Innovis (innovis.com/personal/securityFreeze) and the National Consumer Telecom & Utilities Exchange (nctue.com/consumers).
Step 3: Request Removal from Public Records Websites
While Maryland public records remain accessible through official government channels, commercial websites republish this information. Beyond general data brokers, target sites specifically aggregating court records, property records, and professional licenses. Each county and municipality may have different procedures for restricting address information in official databases. Contact your local election board to request confidential voter registration if you qualify under Maryland Election Law Code § 3-508 (victims of domestic violence, participants in address confidentiality programs, judges, and law enforcement officers).
Step 4: Explore Maryland Expungement Options
If you have criminal records, determine expungement eligibility. The Maryland Courts website provides an expungement eligibility checker at mdcourts.gov/legalhelp/expungement. For qualifying records, file a Petition for Expungement in the circuit court where charges originated. Maryland courts provide form petitions (Form CC-DC-CR-072 for most expungements). File separately for each case/charge. The filing fee is $30 per case, waived for indigent petitioners. The State's Attorney receives notice and may object. Courts typically decide within 30 days for non-conviction expungements. For complex cases or objections, consider consulting an attorney. The Maryland Legal Aid Bureau (mdlab.org) provides free assistance to eligible low-income residents.
Step 5: Contact Maryland-Specific Agencies
For specific privacy concerns, contact relevant Maryland agencies. The Maryland Attorney General's Consumer Protection Division handles consumer privacy complaints (410-528-8662). The Maryland Health Care Commission addresses health privacy issues (410-764-3460). The Maryland Department of Labor investigates employment privacy violations (410-767-2241). For public records disputes, contact the Public Information Act Compliance Board (410-260-1950 or piacompliance@maryland.gov). The Maryland Office of Administrative Hearings handles certain privacy-related administrative appeals (410-229-4100).
Step 6: Utilize Address Confidentiality Programs
Maryland's Address Confidentiality Program (ACP), administered by the Office of the Secretary of State, provides confidential address services for victims of domestic violence, human trafficking, sexual offenses, and stalking. Participants receive a substitute address for public records, voter registration, and government correspondence. The program forwards mail to participants' actual addresses. Apply through approved application assistants at domestic violence service providers. Contact the ACP at 410-974-5534 or safeatHome@maryland.gov for more information.
Step 7: Monitor and Maintain Privacy
Privacy protection is ongoing. Schedule quarterly reviews of your credit reports, annual searches of your name on people-search sites, and periodic checks of public records databases. Set Google Alerts for your name to monitor new online appearances. Consider privacy-focused services like DeleteMe or Privacy Duck for ongoing data broker removal, though these involve subscription fees. Maintain documentation of all opt-out requests, freeze confirmations, and correspondence with agencies.
Maryland Data Breach Notification
Maryland's data breach notification law, codified in Maryland Commercial Law Code § 14-3504, establishes specific requirements for businesses and government entities that experience data breaches affecting Maryland residents.
Who Must Notify
Any business that owns or licenses computerized data containing personal information about Maryland residents must provide notice if the business discovers or is notified of a breach of the security of the system. "Personal information" means an individual's first name or first initial and last name in combination with any of the following: Social Security number, driver's license number, financial account number, or credit/debit card number that would permit access to an account. The law applies regardless of whether the business is located in Maryland; the trigger is maintaining data about Maryland residents.
Notification Timeframe
Businesses must notify affected Maryland residents "without unreasonable delay." The statute does not specify an exact number of days, providing flexibility based on circumstances while requiring expeditious notification. Maryland Attorney General guidance interprets this to mean as soon as possible after confirming the breach and determining affected individuals, typically within days to two weeks. Notification may be delayed if a law enforcement agency determines notification will impede a criminal investigation, but only for the period specified by law enforcement.
Method of Notification
Notice must be provided by written notice, electronic notice (if consistent with federal E-SIGN Act provisions), or substitute notice if other methods are cost-prohibitive or the business lacks sufficient contact information. Substitute notice requires email if available, conspicuous website posting, and notification to major statewide media. The notice must include: description of the breach, types of personal information compromised, actions taken by the business to protect affected individuals, contact information for major credit reporting agencies, and advice to consumers about steps they can take to protect themselves.
Attorney General Notification
If a breach affects 1,000 or more Maryland residents, businesses must notify the Maryland Attorney General in addition to affected individuals. This notification should be provided to the Consumer Protection Division and should include the same information provided to consumers, plus the approximate number of affected Maryland residents and the date of the breach discovery.
Penalties for Violations
Violations of Maryland's data breach notification law constitute unfair or deceptive trade practices under the Maryland Consumer Protection Act. The Attorney General can seek civil penalties up to $10,000 per violation, injunctive relief, and restitution for affected consumers. Willful violations may result in enhanced penalties. Additionally, businesses failing to maintain reasonable security measures as required by § 14-3503 face similar enforcement actions. Private rights of action are limited; typically, enforcement is through the Attorney General's office, though affected individuals may have claims for damages under common law negligence or other theories if they suffer actual harm.
Exceptions
Notice is not required if the business determines, after appropriate investigation and consultation with relevant federal, state, or local agencies, that the breach is unlikely to result in harm to affected individuals. This determination must be documented. Additionally, entities already subject to federal breach notification requirements under other laws (such as HIPAA for health information or Gramm-Leach-Bliley for financial institutions) may comply with those requirements instead, provided they are substantially similar to Maryland's requirements.
Children's Privacy in Maryland
Maryland provides multiple layers of protection for children's personal information through federal and state laws addressing online privacy, educational records, and health information.
COPPA Compliance
The federal Children's Online Privacy Protection Act (COPPA) applies nationwide, including Maryland. COPPA requires websites and online services directed to children under 13 to obtain verifiable parental consent before collecting personal information from children. Operators must post privacy policies, provide notice to parents about information practices, and allow parents to review and delete their children's information. Maryland parents can file COPPA complaints with the Federal Trade Commission. Maryland's Consumer Protection Division also investigates potential COPPA violations affecting Maryland children.
Maryland Student Data Privacy
Maryland Education Code § 4-131 through § 4-133 establishes the Student Data Privacy Act, governing how educational technology vendors can collect, use, and disclose student information. Operators of websites, online services, or mobile applications used primarily for K-12 school purposes are prohibited from selling student information, using it for targeted advertising, or creating profiles for non-educational purposes. Vendors must implement reasonable security measures and delete student data upon school request. Maryland schools must conduct privacy reviews before implementing new educational technology and must provide parents with information about data collection practices.
FERPA in Maryland
The federal Family Educational Rights and Privacy Act (FERPA) protects student education records nationwide. In Maryland, FERPA provides parents and eligible students (those 18 or older) the right to inspect and review education records, request corrections of inaccurate information, and control disclosure of personally identifiable information. Maryland Code of Maryland Regulations (COMAR) 13A.08.02 implements FERPA provisions and establishes additional state-level protections. Maryland parents can file FERPA complaints with the U.S. Department of Education Family Policy Compliance Office.
Maryland Children's Health Privacy
Maryland law provides special protections for children's health information. Minors have independent rights to consent to certain medical treatments (substance abuse treatment, mental health services, reproductive health services) under Maryland Health-General Code § 20-102, and healthcare providers cannot disclose information about these services to parents without the minor's consent except in limited circumstances. This creates privacy protections for adolescents seeking sensitive healthcare services.
Genetic Privacy for Children
Maryland Health-General Code § 4-302 specifically prohibits genetic testing of children for employment or insurance purposes. Insurers cannot require or request genetic testing of minors, and employers cannot condition employment of parents on children's genetic information.
Frequently Asked Questions
How do I access my Maryland public records to see what information is available about me?
To access your Maryland public records, start with the Maryland Judiciary Case Search (casesearch.courts.state.md.us) for court records. Search county land records through the Maryland State Archives Land Records portal or individual county clerk websites for property records. For motor vehicle records, submit form DR-057 to the Maryland Motor Vehicle Administration. Criminal background checks are available through the Criminal Justice Information System at 410-764-4501. For comprehensive searches, submit MPIA requests to specific agencies maintaining records about you. Remember that some information (Social Security numbers, certain addresses) is exempt from public disclosure even in records concerning you.
Can Maryland employers access my social media accounts?
No. Maryland Labor and Employment Code § 3-712 prohibits employers from requesting or requiring access to personal social media accounts. Employers cannot ask for usernames, passwords, or other authentication information. They cannot require you to add them to your contact lists, access your accounts in their presence, or waive the protections of this law. However, employers can view information you make publicly accessible, and they can require access to work-related accounts provided by the employer. If an employer violates this law, file a complaint with the Maryland Commissioner of Labor and Industry at 410-767-2241.
How long does it take to expunge a criminal record in Maryland?
The timeline varies based on record type and court workload. For non-conviction records (acquittals, dismissals, nolle prosequi), you can file immediately after disposition. Once filed, courts typically decide within 30 days if there's no objection. If the State's Attorney objects, a hearing is scheduled, extending the process by several months. For conviction expungements requiring waiting periods (three years for most misdemeanors, longer for some offenses), the process begins only after the waiting period expires. From filing to final order, expect 60-90 days for uncontested cases, 4-6 months for contested cases. Shielding follows similar timelines. Processing times vary by jurisdiction; Baltimore City typically takes longer than rural counties.
What should I do if a Maryland business experiences a data breach affecting my information?
First, carefully read the breach notification to understand what information was compromised. If Social Security numbers or financial account information was exposed, immediately place fraud alerts with all three credit bureaus (one call automatically notifies the others). Consider implementing credit freezes at Equifax, Experian, and TransUnion. Monitor your credit reports, bank statements, and explanation of benefits from health insurers for suspicious activity. If the breach involved financial accounts, contact those institutions directly to discuss account security measures. Document all communications and expenses related to the breach. If the company offers free credit monitoring or identity theft protection services, enroll promptly. Report the breach to the Maryland Attorney General's Consumer Protection Division at 410-528-8662 if you believe the company failed to provide timely notification or adequate response.
How can I remove my home address from Maryland public records?
Complete removal is generally not possible, but you can limit accessibility. The Maryland Public Information Act exempts home addresses from disclosure in certain contexts under § 4-330, but this doesn't remove them from records. If you're a victim of domestic violence, human trafficking, sexual offense, or stalking, apply for Maryland's Address Confidentiality Program through the Secretary of State (410-974-5534). This provides a substitute address for public records and voter registration. Law enforcement officers, judges, and certain other officials can request address confidentiality under specific statutory provisions. For property records, addresses remain public, but you can use LLCs or trusts to hold property, obscuring direct ownership links. For voter registration, qualifying individuals can request confidential status through local election boards under Maryland Election Law Code § 3-508. Contact commercial data brokers to opt out of their services, though this doesn't affect official government records.
Are background check companies allowed to report arrests that didn't lead to conviction in Maryland?
This depends on the context. For employment background checks, Maryland Criminal Procedure Code § 10-109 prohibits employers from requiring disclosure of criminal charges that did not result in conviction or that were expunged. However, consumer reporting agencies (background check companies) operating under federal Fair Credit Reporting Act rules can report arrests for seven years from the date of disposition unless the position pays over $75,000 annually (no time limit). Maryland law is more protective: employers generally cannot refuse employment based solely on arrests not leading to conviction. If a background check report includes expunged records, this violates Maryland law. Dispute immediately with the reporting agency, as they must correct inaccurate information. For non-employment purposes (housing, volunteering), different standards may apply, but expunged records should never appear.
Can I sue if someone violates my privacy rights in Maryland?
It depends on which privacy right was violated. Maryland recognizes common law invasion of privacy claims, including intrusion upon seclusion, public disclosure of private facts, false light, and misappropriation of name or likeness. For violations of specific statutes, remedies vary. Maryland's data breach notification law is primarily enforced by the Attorney General, with limited private rights of action. HIPAA violations are enforced federally, not through private lawsuits. However, state medical privacy violations may support malpractice or breach of confidentiality claims. Employment privacy violations (illegal credit checks, social media access demands) can be reported to the Commissioner of Labor and Industry; private lawsuits may be possible depending on resulting damages. Defamation and related claims remain available