PogoWasRight.org

Menu
  • About
  • Privacy
Menu

State Data Minimization Laws Spark Compliance Uncertainty

Posted on June 4, 2025 by Dissent

Kathryn Rattigan of Robinson + Cole writes:

A new wave of state consumer privacy laws focused on limiting data collection is creating anxiety among businesses—and Maryland is leading the charge. The Maryland Online Data Privacy Act (MODPA), set to take effect in October 2025, requires companies to collect only data that is “reasonably necessary and proportionate” to their stated purposes. However, with no official guidance for compliance from the Maryland Attorney General, businesses are left guessing.

Under MODPA’s data minimization requirement, businesses should avoid collecting or processing more data than is necessary to provide a specific product or service to a consumer. In addition to the limited data collection requirement, MODPA also requires:

  1. Stricter Data Collection Practices for Sensitive Data: The data minimization requirements are more stringer for sensitive data, such as health information, religious beliefs, and genetic data.
  2. Ban on the Sale of Sensitive Data: The law prohibits the sale of sensitive data unless it is strictly necessary to provide or maintain a requested product or service.
  3. Explicit Consent: A business may not process personal information for a purpose other than the purpose(s) disclosed to the consumer at the time of collection unless the consumer provides explicit consent.
  4. Limited Retention: A business may not retain consumer data for longer than necessary to fulfill the purpose for which it was collected (i.e., now is the time to update or implement your retention program).

Read more at Data Privacy + Cybersecurity Insider

No related posts.

Category: Laws

Post navigation

← Supreme Court Agrees to Clarify Emergency Situations Where Police Don’t Need Warrant
Florida ban on kids using social media likely unconstitutional, judge rules →

Now more than ever

Search

Contact Me

Email: info@pogowasright.org

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

Categories

Recent Posts

  • Congress tries to outlaw AI that jacks up prices based on what it knows about you
  • Microsoft’s controversial Recall feature is now blocked by Brave and AdGuard
  • Trump Administration Issues AI Action Plan and Series of AI Executive Orders
  • Indonesia asked to reassess data privacy terms in new U.S. trade deal
  • Meta Denies Tracking Menstrual Data in Flo Health Privacy Trial
  • Wikipedia seeks to shield contributors from UK law targeting online anonymity
  • British government reportedlu set to back down on secret iCloud backdoor after US pressure

RSS Recent Posts on DataBreaches.net

  • Scattered Spider Hijacks VMware ESXi to Deploy Ransomware on Critical U.S. Infrastructure
  • Hacker group “Silent Crow” claims responsibility for cyberattack on Russia’s Aeroflot
  • AIIMS ORBO Portal Vulnerability Exposing Sensitive Organ Donor Data Discovered by Researcher
  • Two Data Breaches in Three Years: McKenzie Health
  • Scattered Spider is running a VMware ESXi hacking spree
©2025 PogoWasRight.org. All rights reserved.
Menu
  • About
  • Privacy