Privacy Incident Response

Protecting the information that Maryland citizens provide to State agencies is important to establish and maintain public trust and confidence. The State of Maryland has created a Privacy Incident Response Plan that State agencies should use in the event of a privacy incident where the agency believes data may have been impacted. This impact can occur through various way both inadvertently, purposefully, or maliciously. A potential impact to data includes, but is not limited to, the following: unauthorized access to sensitive information by an individual or individuals that do not have a proper business to access the data, inadvertent or malicious editing, deletion, or exfiltration of data, ransomware that renders data unreadable and otherwise unavailable for normal business purposes. 

Be mindful that privacy incidents can occur with electronic data as well as paper and hardcopy records that are kept offline. 

By ensuring agencies practice proper privacy incident response, the State of Maryland can: 

• Maintain public trust and transparency 
• Mitigate impact of the incident
• Properly notify affected individuals and provide them with clear next steps, if necessary.
• Ensure compliance with standards, regulations, and laws as required for certain types of data.
• Develop lessons learned to incorporate into practices moving forward.