Skip Maine state header navigation

Agencies | Online Services | Help

Maine State Government

Dept. of Administrative & Financial Services

Office of Information Technology


Information Privacy Policy

I. Statement

Within the operations of the State of Maine all implementations of information and telecommunication technologies will protect the confidentiality of all non-public records that are collected from respondents through State of Maine information collection activities or from other sources and that is maintained on State systems.  For the purposes of this policy the information termed “non-public records” is limited to those records excepted from definition as “Public Records” in 1 MSRA §402   

II. Purpose

The purpose of this policy is to define the responsibilities of State personnel and the implementation requirements of State information and telecommunications systems to prevent the unauthorized disclosure of information.

III. Applicability

The scope of this policy is limited to the activities of personnel within the Office of Information Technology as well as anyone handling any data processed or maintained on any infrastructure and systems operated by the Office of Information Technology.  Additionally, this policy seeks to appropriately set the privacy expectations of those electronically interacting with State government.   

IV. Responsibilities

A. Pursuant to Title 5 MSRA §1973 the Chief Information Officer of the State of Maine is charged with the responsibility of setting the applicable privacy policies for the implementation and use of information and telecommunications technologies.

B. The Office of Information Technology and its staff are charged with protecting the confidentiality of all agency information maintained on its systems, regardless of its nature, unless it is specifically authorized by the data custodial agency for disclosure

C. The Data Custodian will authorize the collection and maintenance of the minimum information needed to achieve its statutorily defined purposes.  Further, the Data Custodian is solely authorized to disclose maintained data whether that release serves its statutorily defined purposes or under the provisions of the Freedom of Access Act 1 MSRA chapter 13.

V. Guidelines and Procedures

A. All applications and systems exposed to the Internet will provide access to a Privacy Statement via a prominent link that appropriately sets the privacy expectations of those interacting with State government.  This Privacy Statement may take any form but must[1]:

1. address the public nature of most data shared with State government

2. inform the user that sharing that information via the application is voluntary;

3. identify any information automatically collected through the users interaction with the application and;   

4. provide contact information for parties interested finding additional information on how their data will be used and potentially disclosed.

VI. Definitions

A. Public Records; as defined in Title 1 MSRA §402.

B. Data Custodian; as defined in Title 1 MSRA §532.

VII. References

A. Office of Information Technology Title 5 MSRA Ch.163.

B. Freedom of Access Act Title 1 MSRA Ch. 13.

C. Electronic Access to Public Information Title 1 MSRA Ch.14.

VIII. Document Information

1.  Document Reference Number: 47


2.  Category:   Technology


3.  Adoption Date:  May 1, 2012


4.  Effective Date:  May 1, 2012


5.  Review Date:  May 1, 2014


6.  Point of Contact:  Paul Sandlin, eGovernment Services, telephone: 207-619-2244


7. Approved By: James R. Smith, Chief Information Officer


8.  Position Title(s) or Agency Responsible for Enforcement:  Paul Sandlin, eGovernment Services, telephone: 207-619-2244


9.  Legal Citation: The authority for this policy is established under Title 5 MSRA §1973.


10. Waiver Process: See the Waiver Policy[2].



[1] For example the privacy policy at