On June 6, 2019 Maine’s governor signed into law LD 946, “An Act To Protect the Privacy of Online Customer Information.”
The Act applies to broadband internet service providers (ISPs) defined as any “mass-market retail service by wire or radio that provides the capability to transmit data to and receive data from all or substantially all Internet endpoints.”
ISPs are prohibited from using, disclosing, or selling their customers personal information, which includes the customer’s name, billing information, social security number, billing address and demographic data. The prohibition also extends to information on customers’ use of ISPs internet access service, such as web browsing history, application usage history, precise geolocation information, financial and health information, children information, internet protocol address and their origin and destination, and content of the customer’s communications.
Also, IPSs may not use the consumers’ personal information without the express, affirmative consent of the individual to whom it pertains. The Act includes several exceptions under which ISPs may use, disclose, sell or permit access to customer personal information. This is the case when ISPs have to comply with court orders, prevent unlawful subscription practices, or, for example, advertise communications-related services to the customers.
The Act also sets forth a duty to take reasonable measures to protect customer personal information from unauthorized use, disclosure or access.
The new law is considered “the strictest consumer privacy protections in the nation,” since it places among the toughest burdens on regulated entities to protect the data of their consumers. See here.