Templates Legal Letters Correspondence State Data Breach Notification Letter
Maine Legal Letters Correspondence
Blank Document PRO
From Template
Upload Document Word (.docx) & Markdown files
PRO
State Data Breach Notification Letter
Ready to Edit
State Data Breach Notification Letter - Free Editor

MAINE DATA BREACH NOTIFICATION PACKAGE

(10 M.R.S.A. § 1346 et seq.)

[// GUIDANCE: This template delivers (i) a transmittal letter to the Maine Office of the Attorney General (“AG Notice”) and (ii) the consumer-facing notice (“Consumer Notice”). Practitioners should complete every bracketed placeholder before issuance and confirm that notice is delivered no later than 30 days after “determination” of the breach, as required by Me. Rev. Stat. Ann. tit. 10, § 1348(1).]

TABLE OF CONTENTS

  1. Document Header.............................................................1
  2. Definitions.....................................................................2
  3. AG Notice (Operative Provisions)...............................................3
  4. Consumer Notice (Attachment A).................................................7
  5. Execution Block................................................................12

1. DOCUMENT HEADER

Title: Maine Data Breach Notification Package
Prepared By: [COMPANY LEGAL NAME], a [STATE] [corporation/LLC/etc.] (the “Company”)
Effective Date: [DATE]
Governing Law & Venue: State of Maine courts, pursuant to Me. Rev. Stat. Ann. tit. 10, § 1348
Recipients:
• Maine Office of the Attorney General (the “Attorney General”)
• Affected Maine Residents (each, an “Individual” and collectively, “Individuals”)

Recitals:
WHEREAS, the Company determined on [DETERMINATION DATE] that a Breach (as defined below) involving Personal Information (as defined below) of Maine residents occurred;
WHEREAS, the Company is required to provide notice to the Attorney General and to Individuals under Me. Rev. Stat. Ann. tit. 10, § 1348 and § 1348-A; and
WHEREAS, the Company now provides such notice within the statutory timeframe and in the form and substance mandated by applicable law.

2. DEFINITIONS

For purposes of this Notification Package, the following terms have the meanings set forth below. Capitalized terms used but not defined have the meanings assigned by Me. Rev. Stat. Ann. tit. 10, § 1347.

“Applicable Law” means Me. Rev. Stat. Ann. tit. 10, §§ 1346–1350-B and any other federal or state privacy or consumer-protection statutes governing the Breach.

“Breach” means an unauthorized acquisition, release, or use of unencrypted Personal Information that compromises the security, confidentiality, or integrity of such information.

“Consumer Notice” means the form of written notice attached hereto as Attachment A.

“Determination Date” means the date on which the Company concluded that a Breach occurred following a good-faith, reasonable, and prompt investigation.

“Personal Information” has the meaning assigned in Me. Rev. Stat. Ann. tit. 10, § 1347(6) and includes, without limitation, the data elements described in Section 3.3(b) below relating to Maine residents.

3. AG NOTICE (OPERATIVE PROVISIONS)

3.1 Statutory Notice

Pursuant to Me. Rev. Stat. Ann. tit. 10, § 1348-A(1), the Company hereby notifies the Attorney General of the Breach and encloses the Consumer Notice that will be sent to Individuals.

3.2 Incident Chronology

a. Date(s) of Breach: [Breach Start Date] – [Breach End Date or “Unknown/Continuing”]
b. Determination Date: [DETERMINATION DATE]
c. Discovery Method: [Brief narrative of how Breach was discovered]

3.3 Scope of Affected Data

a. Number of Persons Affected: [###] total; of which [###] are Maine residents.
b. Categories of Personal Information Subject to Breach:
• [Social Security numbers]
• [Driver’s license or state identification numbers]
• [Financial account or payment-card information]
• [Medical / health-insurance information]
• [Biometric identifiers]
• [Usernames or email addresses in combination with passwords or security questions]
[// GUIDANCE: Delete any category not implicated and add others as needed.]

3.4 Remediation & Mitigation

The Company has:
1. Secured its network and contained the unauthorized access.
2. Engaged third-party cybersecurity experts to investigate and remediate vulnerabilities.
3. Implemented additional technical and administrative safeguards, including [multi-factor authentication / encryption upgrades / employee re-training].
4. Established a dedicated call center staffed [##] hours per day, [##] days per week through [End Date].
5. Offered [12-month identity-theft protection and credit-monitoring services] at no cost to Individuals. [// GUIDANCE: Although not expressly mandated under Maine law, offering credit monitoring is strongly recommended and may mitigate potential regulatory scrutiny.]

3.5 Notification Logistics

Date Consumer Notice Will Commence: [DATE] (concurrently with or earlier than AG Notice).
Method(s) of Delivery to Individuals: [First-class U.S. mail] / [Email in compliance with § 1348(2-A)] / [Substitute notice with public postings – provide details if applicable].
Notice to Consumer Reporting Agencies: [Yes/No – required if ≥1,000 persons, § 1348(2-B)].

3.6 Contact Person for Follow-Up

Name: [CONTACT NAME]
Title: [Chief Privacy Officer / General Counsel]
Address: [STREET ADDRESS, CITY, STATE ZIP]
Telephone: [(###) ###-####]
Email: [EMAIL ADDRESS]

4. CONSUMER NOTICE – ATTACHMENT A

[COMPANY LETTERHEAD]

[DATE]

NOTICE OF DATA BREACH

Dear [Individual Name]:

  1. What Happened?
    On [DETERMINATION DATE], we confirmed that an unauthorized party gained access to certain Company systems between [BREACH START DATE] and [BREACH END DATE]. Upon discovery, we immediately secured the environment and engaged independent cybersecurity experts to assist with our investigation.

  2. What Information Was Involved?
    The incident involved one or more of the following for some Maine residents:
    • [Social Security number]
    • [Driver’s license or state ID number]
    • [Financial account or payment-card number in combination with security code]
    • [Medical information / health-insurance information]
    • [Biometric identifiers]
    • [Username or email address with password or security question/answer]
    Please note that not every data element listed above was affected for every Individual.

  3. What We Are Doing.
    We have taken the following steps to protect your information:
    • Implemented enhanced network monitoring and access controls.
    • Rotated relevant credentials and updated encryption standards.
    • Notified law enforcement and are cooperating with any investigation.
    • Arranged for [12 months] of free credit monitoring and identity-theft protection services through [SERVICE PROVIDER]. Instructions for enrollment appear below.
    • Established a toll-free dedicated response line at [(###) ###-####], available [HOURS], [DAYS].

  4. What You Can Do.
    We encourage you to take the following precautions:
    a. Review the “Steps You Can Take to Protect Your Information” in Section 6 below.
    b. Enroll in the complimentary credit-monitoring services by [ENROLLMENT DEADLINE].
    c. Report any suspicious activity or suspected identity theft to our response line and to the proper law-enforcement authorities.

  5. For More Information.
    If you have questions, please contact us at [(###) ###-####] or [EMAIL ADDRESS]. You may also write to us at the mailing address listed below.

  6. Steps You Can Take to Protect Your Information.
    • Monitor your credit reports free of charge at www.AnnualCreditReport.com or call (877) 322-8228.
    • Place a fraud alert on your credit files by contacting any one of the three nationwide credit reporting agencies:
    – Equifax: (888) 766-0008; www.equifax.com
    – Experian: (888) 397-3742; www.experian.com
    – TransUnion: (800) 680-7289; www.transunion.com
    • Consider placing a security freeze on your credit report. You can do this free of charge by contacting each credit bureau at the numbers above or via their websites.
    • File a complaint with the Federal Trade Commission (“FTC”) at www.identitytheft.gov or by calling (877) ID-THEFT (438-4338), and/or with the Maine Attorney General at www.maine.gov/ag or (800) 436-2131.
    [// GUIDANCE: Retain the exact statutory language regarding security-freeze rights if Social Security numbers were compromised.]

Sincerely,

[NAME]
[TITLE]
[COMPANY LEGAL NAME]
[COMPANY ADDRESS]

5. EXECUTION BLOCK

Executed as of the Effective Date by the duly authorized representative of the Company.
[COMPANY LEGAL NAME] Date: __
By: _______
Name: [AUTHORIZED SIGNATORY]
Title: [AUTHORIZED TITLE]

[// GUIDANCE:
1. File the AG Notice (Sections 1–3 plus Attachment A) via the online portal or certified mail, return receipt requested.
2. Issue the Consumer Notice concurrently (same day if feasible) and retain mailing/email proof for at least five years.
3. If the total affected individuals ≥ 1,000, notify the three nationwide consumer-reporting agencies under § 1348(2-B).
4. Maintain an incident file containing the forensic report, proof of notices, and internal decision-making documentation to evidence statutory compliance.]

AI Legal Assistant

Welcome to State Data Breach Notification Letter

You're viewing a professional legal template that you can edit directly in your browser.

What's included:

  • Professional legal document formatting
  • Maine jurisdiction-specific content
  • Editable text with legal guidance
  • Free DOCX download

Upgrade to AI Editor for:

  • 🤖 Real-time AI legal assistance
  • 🔍 Intelligent document review
  • ⏰ Unlimited editing time
  • 📄 PDF exports
  • 💾 Auto-save & cloud sync