Join Us for the 2024 Colorado Privacy Summit on September 26th! 

    • See What Our Team Is Up To

  • Contact Us

Maryland Higher Education Privacy Governance

Section 10-13A-03 of the Maryland State Government Code, effective October 1, 2024, requires public higher education institutions in Maryland to classify their systems based on the risk posed by the personally identifiable information (PII) they handle. 

These institutions must implement a privacy governance program to manage each system, ensuring PII is processed accurately and securely, prohibiting unauthorized third-party disclosures, and allowing individuals to access and correct their PII. This comprehensive approach aims to protect the privacy and security of PII at these institutions.

Section 10-13A-03 Expertise

Data Mapping and Inventory

Data Privacy Governance Program

Data Security & Privacy Assessment

Remediation Roadmap and Implementation Plan

Contact Us - Header Form
By submitting this form, you agree to our Terms. View our Privacy Statement.

Trusted by Leaders of Industry

Our team of expert consultants works closely with Fortune 500 companies, mid-market businesses, and not-for-profit organizations spanning industries including retail, manufacturing, finance, technology, and more.

What is Section 10-13A-03 of the Maryland State Government Code?

Section 10-13A-03 of the Maryland State Government Code, effective October 1, 2024, mandates that public institutions of higher education in Maryland review and designate their systems as “systems of record” based on the risk posed to individuals by the personally identifiable information (PII) processed and stored on these systems. 

This section requires institutions to develop and adopt a privacy governance program that governs each system of record. The program must identify and document the purpose of processing PII, prohibit disclosure to third parties without consent, and ensure third parties comply with the institution’s privacy governance program. 

Additionally, the privacy governance program must take reasonable steps to ensure the accuracy, relevance, timeliness, and completeness of the PII processed. It also requires institutions to provide individuals with access to their PII, allow them to request corrections, and document any disagreements regarding the accuracy of the information. This comprehensive approach aims to protect the privacy and security of PII at public institutions of higher education in Maryland

Why Is Complying With Section 10-13A-03 Important?

Compliance with Section 10-13A-03 is crucial because it ensures the protection of personally identifiable information (PII) at public higher education institutions. 

By implementing robust privacy governance programs, institutions can prevent unauthorized access and misuse of sensitive data, thereby safeguarding individuals’ privacy and reducing the risk of identity theft and other cyber threats.

Additionally, compliance fosters trust among students, staff, and the public, demonstrating the institution’s commitment to data security and ethical practices.

Handle Data Responsibly

Section 10-13A-03 provides organizations with a strict set of standards for the responsible handling of personal information.

Build Trust With Students and Staff

Compliance helps establish trust with students and staff by signaling that your organization is committed to protecting their data.

Avoid Enforcement

Institutions that fail to adhere to the requirements may face legal and financial consequences, including fines and potential lawsuits.

How Zaviant Can Help

Zaviant serves as a trusted  compliance partner for some of Maryland’s finest higher education facilities.

We can help your organization:

Develop Data Mapping & Inventory Documentation

Implement a Data Privacy Program

Conduct Data Security Assessment

Be confident that you are fully compliant

Related Services

CCPA/CPRA

We tailor strategies to your unique risks and compliance needs, ensuring robust protection against cyber threats.

ISO 27001/2

As organizations continue to navigate the complexities of an increasingly interconnected digital world,.

NIST CSF

In 2013, the National Institute of Standards and Technology (NIST) added a Cybersecurity Framework, known as NIST CSF.

Get In Touch

We look forward to hearing from you