Cyberattacks on colleges and universities have been on the rise for years, and this trend will likely continue in 2025. In response, we can expect a number of new data privacy and security developments that will impact higher education in the new year.
Maryland Higher Education Privacy Governance
Section 10-13A-03 of the Maryland State Government Code, effective October 1, 2024, requires public higher education institutions in Maryland to classify their systems based on the risk posed by the personally identifiable information (PII) they handle.
These institutions must implement a privacy governance program to manage each system, ensuring PII is processed accurately and securely, prohibiting unauthorized third-party disclosures, and allowing individuals to access and correct their PII. This comprehensive approach aims to protect the privacy and security of PII at these institutions.
Section 10-13A-03 Expertise
Data Mapping and Inventory
Data Privacy Governance Program
Data Security & Privacy Assessment
Remediation Roadmap and Implementation Plan
Trusted by Leaders of Industry
Our team of expert consultants works closely with Fortune 500 companies, mid-market businesses, and not-for-profit organizations spanning industries including retail, manufacturing, finance, technology, and more.
What is Section 10-13A-03 of the Maryland State Government Code?
Section 10-13A-03 of the Maryland State Government Code, effective October 1, 2024, mandates that public institutions of higher education in Maryland review and designate their systems as “systems of record” based on the risk posed to individuals by the personally identifiable information (PII) processed and stored on these systems.
This section requires institutions to develop and adopt a privacy governance program that governs each system of record. The program must identify and document the purpose of processing PII, prohibit disclosure to third parties without consent, and ensure third parties comply with the institution’s privacy governance program.
Additionally, the privacy governance program must take reasonable steps to ensure the accuracy, relevance, timeliness, and completeness of the PII processed. It also requires institutions to provide individuals with access to their PII, allow them to request corrections, and document any disagreements regarding the accuracy of the information. This comprehensive approach aims to protect the privacy and security of PII at public institutions of higher education in Maryland.
Why Is Complying With Section 10-13A-03 Important?
Compliance with Section 10-13A-03 is crucial because it ensures the protection of personally identifiable information (PII) at public higher education institutions.
By implementing robust privacy governance programs, institutions can prevent unauthorized access and misuse of sensitive data, thereby safeguarding individuals’ privacy and reducing the risk of identity theft and other cyber threats.
Additionally, compliance fosters trust among students, staff, and the public, demonstrating the institution’s commitment to data security and ethical practices.
Handle Data Responsibly
Section 10-13A-03 provides organizations with a strict set of standards for the responsible handling of personal information.
Build Trust With Students and Staff
Compliance helps establish trust with students and staff by signaling that your organization is committed to protecting their data.
Avoid Enforcement
Institutions that fail to adhere to the requirements may face legal and financial consequences, including fines and potential lawsuits.
How Zaviant Can Help
Zaviant serves as a trusted compliance partner for some of Maryland’s finest higher education facilities.
We can help your organization:
Develop Data Mapping & Inventory Documentation
Implement a Data Privacy Program
Conduct Data Security Assessment
Be confident that you are fully compliant
Related Services
CCPA/CPRA
We tailor strategies to your unique risks and compliance needs, ensuring robust protection against cyber threats.
ISO 27001/2
As organizations continue to navigate the complexities of an increasingly interconnected digital world,.
NIST CSF
In 2013, the National Institute of Standards and Technology (NIST) added a Cybersecurity Framework, known as NIST CSF.