An official website of the State of Maryland.

Translate

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Privacy Notice

Updated June 26, 2026

Thank you for visiting a website published and managed by the State of Maryland Department of Information Technology. This statement applies specifically to Maryland.gov and State agency websites that have been authorized to link to this central privacy statement.

1. Introduction

The State of Maryland, and its constituent agencies (“we,” “our,” “us”), is committed to maintaining the confidentiality, accuracy, and security of your Personal Information (as defined in Section 2) and the application of generally accepted fair information privacy principles. This Privacy Notice applies specifically to Maryland.gov websites and State agencies that have been authorized to link to the Department of Information Technology’s  central privacy statement and governs the actions related to the collection, processing, protection, and disclosure of Personal Information. We  are responsible for maintaining and protecting the Personal Information that is under our control. This Privacy Notice applies to all Personal Information collected, used, and disclosed by an agency, and through various means, including our websites, in-person services, and written correspondence.

2. What Personal Information We Collect

We may collect and process the following categories of information about you (“Personal Information”):

  • Standard Identifiers: Full name (including given and surnames), personal mark,  home address, mailing address, telephone number, and email address.
  • Government-Issued Identifiers: Social Security Number (SSN), driver’s license number, state identification card number, passport number, or other individual identification numbers issued by state or federal units.
  • Financial Information: Taxpayer Identification Numbers, financial or other account numbers, credit card numbers, or debit card numbers that, in combination with any required security code, access code, or password, would permit access to an individual’s account.
  • Sensitive Data: Data revealing racial or ethnic origin, religious beliefs, consumer health data (including protected health information), sex life, sexual orientation, status as transgender or nonbinary, national origin, citizenship or immigration status, unique biometric or genetic print/image, precise geolocation data, or personal data of an individual known or reasoned to be a child.

This information is collected in accordance with applicable federal and state laws relevant to the data collection and services provided to the public (including the Maryland Public Information Act, the Maryland Online Data Privacy Act, Health Insurance Portability and Accountability Act  (HIPAA), Family Educational Rights and Privacy Act (FERPA), Criminal Justice Information Services (CJIS), and Federal Tax Information requirements).

3. Why We Collect and Use Your Personal Information

  1. Why We Collect Your Information

We collect, process, and disclose Personal Information to determine, for example, whether you are eligible for the specific State services, benefits, and/or products you have applied for or requested from us. We may also collect certain sensitive or financial information for other purposes, such as in order to fulfill a service or benefit request that requires that information. 

We may offer you the opportunity to apply for additional benefits or services from other agencies that we believe you might be eligible for or interested in. In certain circumstances, the purposes for which information is collected may be self-explanatory, and consent may be implied, such as where you or a designee provide your name, address, and payment as part of an application or other process.

  1. How We Use Your Information

Beyond determining your eligibility for the specific state services, benefits, and/or products you have applied for or requested, we also use your information to manage and improve State services, perform data analytics, and comply with legal requirements. Your information may also be used to support audits and investigations, prevent fraud, detect and respond to security incidents, or improve internal programs and operations. Where permitted by law, information may be shared with other government agencies or authorized entities for these purposes. We only use Personal Information as necessary to fulfill these functions and in accordance with applicable privacy and data protection laws.

4. Knowledge and Consent

Your knowledge and consent are required for the collection, processing, or disclosure of Personal Information, except when the law permits us to do so without your knowledge or consent. The purposes for which we collect Personal Information will be identified before or at the time we collect the information. Providing us with your Personal Information is always your choice. However, your decision not to provide certain information may limit our ability to provide you with the services you seek. We will not require you to consent to the collection, processing, or disclosure of information as a condition to the supply of a product or service, unless such information is necessary to provide the product or service to you, or if it is required by law. Your signature on a document or “clicking” your agreement on an electronic application serves as your consent.

5. Limiting Collection

We adhere to data minimization principles, collecting only the Personal Information that is reasonably necessary, proportionate, and directly relevant to fulfill the specified purposes. In the event we receive your Personal Information from a third party, such as the federal government or an identity verification vendor, we enter into appropriate  agreements and request only that information required to meet a contractual or statutory purpose.

6. Use, Disclosure, and Retention of Personal Information

Unless you give permission, this Notice explains otherwise, or the law requires or allows it, we use or share your Personal Information only for the purpose for which it was collected. We retain your Personal Information only for as long as necessary to meet that purpose, following approved state records retention schedules, or in compliance with the law.

We may share Personal Information with third-parties that process your Personal Information on our behalf so that we can fulfill your requests. Prior to sharing Personal Information with these third-parties we enter into agreements with them requiring them to adhere to strict obligations regarding data use, protection, security, confidentiality, and non-disclosure. We do not sell your personal information to any third-party under any circumstances.

To better serve Marylanders, we may de-identify or anonymize personal information that pertains to you for our performance improvements, and may make it available to other State agencies so they can measure and improve service performance, or for research purposes. New protection methods, like privacy enhancing technologies (“PETs”), such as data masking, differential privacy, federated learning, homomorphic encryption, zero-knowledge proofs, and trusted execution environments, ensure that Maryland State agencies can securely utilize anonymous data without releasing any personal information. 

Information that you share with us, including Personal Information, may be subject to public disclosure if required by the Maryland Public Information Act (General Provision Article § 4-101 et seq.), if necessary to perform our official duties, or as otherwise required by applicable law. However, Maryland law includes exemptions that protect certain information from being publicly released in specified circumstances.

7. Accuracy

We strive to maintain Personal Information in as accurate, complete, and up-to-date form as is necessary to fulfill the purposes for which you provided it. We may ask for or implement verification processes to maintain up-to-date Personal Information. Pursuant to the Maryland Public Information Act (General Provisions Article § 4-502 — “Corrections of Public Record.” - PDF), data subjects have the right to request corrections, update old information, or add missing details to their records. You are responsible for ensuring that the Personal Information you provide to us is accurate and current, and you should notify organizations whenever your details change.

8. Safeguarding Personal Information

State and federal laws provide comprehensive protections for the Personal Information you provide. Pursuant to Maryland law, we protect Personal Information using reasonable administrative, technical, and physical security safeguards appropriate to the nature of the information collected, our services, and our operations. We use encryption, access controls, and secure data storage to protect your Personal Information. 

In the event that your Personal Information is accessed by unauthorized individuals resulting in a breach of the security of a system, we will notify you and the appropriate regulatory authorities in accordance with applicable laws and our data breach response plan.

9. Privacy Notice Changes

We will make information available to you about our policies and practices with respect to how we manage Personal Information. Following statutory directives and industry best practices, we review and update our privacy notices at least annually to ensure they accurately reflect current data practices, new system implementations, or evolving legal frameworks. We will inform you of significant changes to our privacy practices by posting an updated Privacy Notice with a “Last Updated” date.

10. Access to Personal Information

Upon your request, we will inform you of the existence, use or disclosure of your Personal Information. You may gain access to and verify the accuracy and completeness of your Personal Information. You may also request amendment or deletion of the Personal Information we obtained directly from you, as permitted by law and subject to State records retention schedules. To make changes to Personal Information that we have received about you from a third party, contact that third party directly, as we cannot update third-party records.

There may be times when we are prohibited from disclosing certain information to you. For example, we cannot provide access to records that contain the Personal Information of other individuals, or where other legal, law enforcement, or security restrictions apply. If we are unable to fulfill your request, we will provide a clear explanation and document the denial in your record.

11. Artificial Intelligence

As technology advances, you may interact with Generative Artificial Intelligence (AI) directly (such as through a public-facing chatbot) or indirectly when we utilize automated systems or algorithms to process your Personal Information. We will maintain strict transparency during direct AI interactions. We follow the State of Maryland’s Responsible AI Policy and related guidelines to ensure your privacy is protected.

12. How to Contact Us

You may direct any questions about this Privacy Notice, requests to exercise your data rights, or complaints about our privacy practices by contacting the designated privacy personnel or privacy team for the relevant State unit. Inquiries can be submitted via mailing address, telephone number, or a dedicated agency privacy email address.

13. E-Mail

If you send us an e-mail, we may use the information you sent us to respond to your inquiry, just as we do with written correspondence. E-mail correspondence, like mailed correspondence, may become a public record, and could be disclosed to other parties upon their request in accordance with the Maryland Public Information Act.

14. Website Privacy

This section explains specific privacy practices related to websites maintained by the State of Maryland.

a) Cookies

A cookie is a small computer file or piece of information that may be stored on your computer's hard drive when you visit our websites. We may use cookies to improve our website’s functionality, track aggregate navigation metrics, and provide visitors with a customized online experience. 

Cookies are widely used, and most web browsers are configured initially to accept cookies automatically. You may change your browser settings to prevent your computer from accepting cookies, or to notify you when you receive a cookie, so that you may decline it. Please note that disabling cookies may limit your access to certain features and affect your overall experience on our website.

b) Information Collected and Stored Automatically

When you browse our websites, read pages, or download information, certain information about your visit is automatically gathered and stored. This information does not identify you personally and includes the following:

  • The internet domain (example: Maryland.gov) and the IP address (the number automatically assigned to your computer when surfing the Web)  from which you access the site;
  • The type of browser and operating system used to access the site;
  • The date and time you access the site;
  • The specific page(s) you visit and documents downloaded; and
  • Your navigation through the website and actions (such as clicking a button), excluding any content entered into form fields other than search terms.

This information is used to make our websites more useful to visitors, to learn about the number of visitors to our sites, and the types of technology our visitors use. We do not track or record identifying information about individuals and their personal visits.

c) Other Websites

Our websites may contain links to other third-party sites that are not governed by this Privacy Notice. Although we try to only link to sites with high privacy standards, our Privacy Notice does not apply once you leave our website. Additionally, we are not responsible for the privacy practices employed by third-party websites. Therefore, you should read their individual privacy statements to learn how they collect, use, share, and disclose your information.

d) Site Security

To ensure that our websites remain secure and available to all users, we employ commercial software programs to monitor network traffic to identify unauthorized attempts to upload or change information or otherwise cause damage. 

Except for authorized law enforcement investigations, no other attempts are made to identify individual users or their usage habits. Unauthorized attempts to upload information or change information on our websites are strictly prohibited and may be punishable under State and Federal laws that protect against fraud and abuse of computer systems.