Purpose: Establish requirements for the recording and storage of electronic communications. The increased adoption of online collaboration tools and the legal implications around the recording and storage of electronic communications creates the need for this policy. Maryland law describes the conditions required to record electronic communications, and the criminal and civil consequences that may result should one fail to comply.
Policy Statement: Maryland law prohibits the recording of electronic communications unless all parties give consent and compels governmental units to ensure appropriate safeguards are in place to protect the confidentiality of stored sensitive information. Therefore, it is the policy of the State that:
The recording of electronic communications:
may only occur on platforms that are organizationally approved and managed by the State;
may only occur after participants have been notified and have either explicitly consented to the recording or have been permitted the opportunity to leave the call;
are the property of the State of Maryland;
may be subject to inspection, in part or in whole, as a public record; and
must be made available to all participants on request.
The storage of electronic communications must:
meet the requirements for securing recorded data consistent with the data’s classification level;
be managed to ensure compliance with State and unit-level retention requirements;
have contractual SLAs describing the security, confidentiality, privacy, and availability commitments for the information, if stored in a cloud environment; and
meet any applicable requirements of State and Federal law and regulations.
Applicable Law & Other Policy:
Maryland State Finance and Procurement Code Ann. Title 3A
Governor’s Executive Order 01.01.2019.07
Maryland State Government Code §10-1301-1308
Maryland Courts and Judicial Proceedings Code §10-402
Maryland General Provisions Code §4-201-206
Scope and Responsibilities: All executive branch units of state government, except those identified in Maryland Code, SF&P § 3A-302. Agency executives, managers and staff shall ensure compliance with this policy.
Department of Information Technology (DoIT): An executive branch unit of Maryland state government, organized according to Maryland Code, State Finance and Procurement Article, § 3A.
Electronic Communication: Any communication using telephone, cellular telephone, voice over Internet Protocol (VoIP), or video teleconferencing.
Explicit Consent: Consent that is received through an individual’s affirmative consent to the recording.
Implied Consent: Consent that is received through an individual’s continued participation following notification of the initiation or prior activation of recording.
Policy: A statement of jurisdiction and methods to guide agencies in the management of IT resources and services.
Recording: The storage of audio, video, or text transcription of an electronic communication in any format.
Technical Specifications: Available at: https://doit.maryland.gov/policies/Pages/default.aspx
Policy Review: By the DoIT IT Policy Review Board annually or as needed.
Contact Information: Chair, IT Policy Review Board, email@example.com 410-697-9724. The Policy #20-24
steward is the DoIT Chief Information Security Officer.
Signed 20-11 Electronic RecordingsThe PDF version of this policy represents the authoritative policy document. This PDF version of the policy shall prevail in the event of any inconsistency between the signed policy document and the text presented on this page.
100 Community Place, Crownsville, MD 21032
300-301 West Preston Street, Baltimore MD 21201
410-697-9700 - Dial 7-1-1 to place a call through Maryland Relay