Maine entered the privacy fray last week when Governor Janet T. Mills signed legislation targeting internet service providers by prohibiting the sale of information about customers’ internet use. The new restriction covers, in part, customer web browsing history, application usage history, and geolocation information. An internet service provider may only use, disclose, sell or permit access to such information with either the customer’s consent or by complying with one of the few outlined exceptions in the statute.

The law also requires that internet service providers take reasonable security measures to protect their customers’ information from unauthorized use, disclosure or access. No specific level of security is required, with the legislation laying out several factors to consider when implementing security measures.

Finally, internet service providers must provide notice to customers at the time of sale and on their website of both their obligations and customers’ rights under this law.

Putting it Into Practice: Internet service providers should carefully review and update both their practices to comply with these new requirements and their privacy policy to ensure Maine residents receive notice that their information will not be used, disclosed, sold or accessed unless it fits within one of the exceptions outlined by the law.