Preparing for MODPA enforcement: risk assessment checklist
January 28, 2026
Publications
The Maryland Online Data Privacy Act (MODPA) introduces some of the most comprehensive state-level privacy requirements in the country. Effective October 1, 2025, with enforcement beginning in April 2026, MODPA significantly expands the obligations for businesses that collect or process the personal data of Maryland residents. If your organization falls under these thresholds, early preparation is critical.
To help you get started, we have created a MODPA risk assessment checklist. This resource offers a clear, actionable framework for identifying high-risk activities, documenting mitigation strategies, and demonstrating good-faith compliance. It covers essential activities that regulators will scrutinize closely, such as targeted advertising, handling sensitive data, and automated decision-making.
MODPA surpasses other state privacy laws by imposing stringent standards for sensitive data, prohibiting the sale of such data, and implementing enhanced protections for minors. It also requires documented risk assessments for profiling and algorithmic decision-making. These obligations aren’t just legal requirements. They are an opportunity to strengthen consumer trust and reduce regulatory risk.
Do not wait until enforcement begins. Download the checklist today to audit your current practices, update policies, train your team, and establish monitoring for new high-risk activities. Taking these steps now will help you avoid penalties and position your organization as a leader in privacy compliance.
