Ag Rowe Gives Notice Of Consumers' Rights Under "Data Act"

February 6, 2007

Attorney General Steven Rowe advises individuals, businesses and other entities, including colleges and universities and State agencies, who maintain computerized data containing personal information, that effective January 31, 2007, they will become subject to the Notice of Risk to Personal Data Act, 10 M.R.S.A. S1346-1349 (Data Act). The Data Act requires notification to consumers when there has been a security breach of computerized data containing their personal information that could result in identity theft.

Rowe explained "This law will help people protect themselves from identity theft by alerting them early when someone has gained unauthorized access to their private information. Early notification will allow people to better monitor their financial records for suspicious activity."

The Data Act also requires that notice be given to the Attorney General's Office or to the appropriate agency within the Department of Professional and Financial Regulation if the person, business or entity giving notice is regulated by that agency. Notice to the national consumer agencies is also required if notification to more than 1000 persons is required as a result of a security breach. Violations of the Data Act are civil violations for which fines and other equitable remedies may be imposed. The law is available on the State of Maine's internet site at

For more information on the Data Act, visit Additionally, persons may direct question to the Attorney General's Office by calling AAG Linda Conti at 626 -8591.