Communication Recordings

​​​​​Purpose

Establish requirements for the recording and storage of electronic communications. The increased adoption of online collaboration tools and the legal implications around the recording and storage of electronic communications creates the need for this policy. Maryland law describes the conditions required to record electronic communications, and the criminal and civil consequences that may result should one fail to comply.

Policy Statement

Maryland law prohibits the recording of electronic communications unless all parties give consent and compels governmental units to ensure appropriate safeguards are in place to protect the confidentiality of stored sensitive information. Therefore, it is the policy of the State that:

  1. The recording of electronic communications:
    1. may only occur on platforms that are organizationally approved and managed by the State;
    2. may only occur after participants have been notified and have either explicitly consented to the recording or have been permitted the opportunity to leave the call;
    3. are the property of the State of Maryland;
    4. may be subject to inspection, in part or in whole, as a public record; and
    5. must be made available to all participants on request.
  2. The storage of electronic communications must:
    1. ​meet the requirements for securing recorded data consistent with the data’s classification level;
    2. be managed to ensure compliance with State and unit-level retention requirements;
    3. have contractual SLAs describing the security, confidentiality, privacy, and availability commitments for the information, if stored in a cloud environment; and
    4. meet any applicable requirements of State and Federal law and regulations.

Applicable Law & Other Policy

  • Maryland State Finance and Procurement Code Ann. Title 3A
  • Governor’s Executive Order 01.01.2019.07
  • Maryland State Government Code §10-1301-1308
  • Maryland Courts and Judicial Proceedings Code §10-402
  • Maryland General Provisions Code §4-201-206

Scope and Responsibilities

All executive branch units of state government, except those identified in Maryland Code, SF&P § 3A-302. Agency executives, managers and staff shall ensure compliance with this policy.

Key Terms

Department of Information Technology (DoIT): An executive branch unit of Maryland state government, organized according to Maryland Code, State Finance and Procurement Article, § 3A.

Electronic Communication: Any communication using telephone, cellular telephone, voice over Internet Protocol (VoIP), or video teleconferencing.

Explicit Consent: Consent that is received through an individual’s affirmative consent to the recording.

Implied Consent: Consent that is received through an individual’s continued participation following notification of the initiation or prior activation of recording.

Policy: A statement of jurisdiction and methods to guide agencies in the management of IT resources and services.

Recording: The storage of audio, video, or text transcription of an electronic communication in any format.

Technical Specifications

The Department of Information Technology (DoIT) is required by Maryland State law (MD State Finance and Procurement Code Ann. § 3A-301-309) to develop and implement policy, standards, and implementation guidance to promote the mission-effective and cost-efficient use of various types of IT to enable a wide range of State Agency mission and support functions.

To do this, DoIT maintains a publicly-accessible IT Policy Catalog that is accessed via this webpage. The IT Policy Catalog contains Secretary-approved policies as well as implementation documents that are attachments to policies and may be changed as is needed to reflect the latest standards and most effective methods for implementing IT solutions. These IT solutions may be sourced through DoIT enterprise services, agency custom development, or commercially procured products and services, all through State-approved methods for contacts and acquisitions.

The Policy Catalog is organized in two ways: (1) by policy number; and (2) by service area. Policy and guidance are developed by DoIT subject matter experts in collaboration with agency and industry stakeholders and experts, reviewed by the DoIT Policy Review Board (ITPRB) for accuracy, consistency, compliance with legal requirements and industry standards and is then approved by the DoIT Secretary.​​

Policy Review

By the DoIT IT Policy Review Board annually or as needed.

Contact Information

Chair, IT Policy Review Board, doit-oea@maryland.gov 410-697-9724. The Policy #20-24 steward is the DoIT Chief Information Security Officer.

​Disclaimer

The PDF version of this policy (Electronic Recordings) represents the authoritative policy document. This PDF version of the policy shall prevail in the event of any inconsistency between the signed policy document and the text presented on this page.

Department ofInformation Technology
​​​​100 Community Place, Crownsville, MD 21032

300-301 West Preston Street, Baltimore MD 21201

Phone: 410-697-9700
Maryland Relay: 7-1-1​