Media Center

September 17, 2025
Publications

Preparing for enforcement and beyond

In the final part of our series on the Maryland Online Data Privacy Act (MODPA), we look ahead to enforcement and beyond. With MODPA taking effect on Oct. 1, 2025, and enforcement beginning April 1, 2026, businesses must not only prepare for implementation but also build sustainable privacy programs that will stand the test of time.

While initial implementation demands immediate attention, the law’s long-term success requires businesses to think beyond one-time fixes and focus on building adaptive, sustainable privacy programs that evolve with regulatory expectations and business growth. As enforcement begins and cure periods expire, companies must prepare for a privacy landscape where continuous compliance monitoring, regular program updates, and proactive risk management become standard business practices.

Throughout this series, we’ve examined the basic requirements of MODPA and looked closely at the changes needed for core business operations:

• Marketing strategies must remain flexible as consumer preferences shift and new advertising technologies emerge.
• Risk assessments must be integrated into existing workflows or adjusted to address Maryland’s specific restrictions and prohibitions.
• Relationships with vendors and third parties must tackle trust and accountability within an entirely new framework.

Violations of the law can cost companies between $10,000 and $25,000 per violation, while eroding consumer confidence in the safety of their information. Given the complexity of evolving privacy regulations and the financial and reputational consequences of noncompliance, many organizations find that investing in specialized expertise proves invaluable for navigating challenging regulatory waters and protecting their long-term interests.

This article was co-authored by Caroline Aiello.