Timing of Consumer Notification
“As expediently as possible and without unreasonable delay.”
Method of Notice
Mail. Email permitted if complies with E-SIGN.
Breach Definition
Unauthorized access, acquisition, release or use of individual’s data that includes personal information that compromises security, confidentiality or integrity of personal information of individual.
PII Definition
Individual’s first name, or first initial, and last name in combination with any of these, when not encrypted or redacted:
  1. Social Security number;
  2. Driver license number or state identification card number;
  3. Account number or credit card number or debit card number if such number could be used without additional identifying information, access codes or passwords;
  4. Account passwords or PII numbers or other access codes; or
  5. Any of above when not in connection with individual’s first name, or first initial, and last name, if information compromised would be sufficient to permit a person to fraudulently assume or attempt to assume identity of person whose information was compromised.
Third Party Notice
If data collector maintains covered information for someone else, it must notify them immediately following discovery of breach.
How to Notify
No specific content requirement.
Substitute Notice
All: (a) email, if entity has email addresses for individuals to be notified; (b) conspicuous posting of notice on entity’s website if it maintains one; and (c) notification to major statewide media.
Credit Monitoring
No requirement noted.
When to Notify Credit Agencies
If more than 1,000 Maine residents must be notified.
This State's Law
None.
State Government Agency Notification Required
Yes, Maine Attorney General.