Maryland privacy officer urges committee to back broader data‑protection bill

Katerina Panolinen, Maryland’s state chief privacy officer, told the Senate Finance Committee on April 1 that House Bill 264 would modernize state rules for handling personal information and strengthen oversight of third‑party contracts.

"As we expand digital services and data sharing capabilities, we must equally be diligent in protecting the personal information of the Marylanders we serve," Panolinen said, urging the committee's support for the Maryland Data Privacy and Protection Act of 2026.

Panolinen said the bill would broaden Maryland’s statutory definition of "personal information" to incorporate certain sensitive identifiers — including gender identification, citizenship and immigration status, information about children and specific geolocation data — and would require agencies to limit data collection to the minimum necessary for a legitimate government purpose. The bill also would require agencies to post clear privacy notices, designate a privacy officer, include strict privacy protections in contracts with third‑party processors, and mandate secure deletion or de‑identification of records when they are no longer needed.

She framed the proposal as both a transparency and risk‑management measure: requiring accuracy and timely deletion, Panolinen said, would reduce risks from unauthorized resale or redisclosure and discourage development of secondary commercial markets for Marylanders’ data.

The presentation was a sponsor‑only hearing; Panolinen answered questions from the committee and asked for a favorable report. The committee did not record a vote during the session.