Maryland security and surveillance regulations: what businesses must know

Maryland is a two-party (all-party) consent state for audio recording under Md. Code Ann., Cts. & Jud. Proc. 10-402, the Maryland Wiretap Act. The Maryland Online Data Privacy Act (MODPA, Md. Code Ann., Com. Law 14-4601 et seq., effective October 2025) treats biometric data and precise geolocation as sensitive personal data requiring consent. Alarm system contractors are regulated by the Maryland State Police Licensing Division under Bus. Reg. 19-101 et seq. Maryland operates an adult-use cannabis program through the Maryland Cannabis Administration.

Camera-related state law

The governing audio statute is the Maryland Wiretap Act, Md. Code Ann., Cts. & Jud. Proc. 10-402. The Act makes interception of an oral, wire, or electronic communication a felony unless all parties to the communication consent. Maryland is therefore a two-party (all-party) consent state for audio recording, and the courts have applied the all-party consent requirement strictly.

Video-only surveillance of common areas with posted notice is generally lawful. Md. Crim. Law 3-901 et seq. (visual surveillance with prurient intent) reaches hidden cameras in places where privacy is reasonably expected. Posted notice at the entrance is the industry standard.

Practical translation. Commercial MD camera installs default to video-only on the cameras and route audio capture through a separate documented intercom or call-recording workflow with all-party consent disclosed. Hidden cameras in spaces where privacy is expected are off-limits.

Security contractor licensing

The Maryland State Police Licensing Division regulates security systems technicians and certain related categories under Md. Code, Bus. Reg. 19-101 et seq. and COMAR 29.03.01. Companies installing electronic security or alarm systems for compensation should verify their state license posture before signing in Maryland.

Local jurisdictions add layers. Baltimore City, Baltimore County, Montgomery County, Prince George's County, and other municipalities require alarm permits and impose registration on alarm businesses. The DC metro contractor footprint pulls in additional federal procurement expectations.

Biometric data and MODPA

The Maryland Online Data Privacy Act, Md. Com. Law 14-4601 et seq., took effect October 1, 2025. MODPA applies to controllers conducting business in Maryland or producing products targeted to Maryland residents above defined thresholds (35,000 consumers, or 10,000 consumers and 20 percent of gross revenue from sale of personal data). The Act classifies biometric data as sensitive personal data and requires consent before processing.

For commercial security buyers, the practical reach is fingerprint and facial-recognition access control and any AI camera that builds a faceprint template. MODPA compliance requires consent, privacy notice, consumer-rights handling, and a data protection assessment for sensitive processing. MODPA also includes data minimization rules that are more restrictive than peer state laws. Enforcement is by the Maryland Attorney General; there is no private right of action.

Privacy in the workplace

Maryland's all-party consent rule under 10-402 has practical implications for any employer audio recording. Pure video surveillance of common work areas with posted notice is generally lawful. Cameras in employee-only spaces with a reasonable expectation of privacy (restrooms, locker rooms, lactation rooms) are off-limits.

Most MD employers issue a single workplace surveillance notice in the employee handbook and obtain written acknowledgment at hire. The acknowledgment is the practical mechanism that documents the all-party consent posture for any audio capture.

Video retention requirements

Cannabis. Maryland Cannabis Administration rules under COMAR 14.17 set retention for licensed facilities. Pull the current MCA text before designing the install.
Healthcare. HIPAA Security Rule (45 CFR Part 164) governs PHI-touching footage.
Retail and hospitality. PCI-DSS Requirement 9 specifies 90-day retention for the cardholder data environment.
Federal contractors. NDAA Section 889 controls vendor selection. Maryland's federal contractor density (NSA, APG, NIH, FDA) layers in CMMC, CUI, and SCIF expectations.
Schools. FERPA reach for K-12 districts and higher education.

Default retention for MD commercial systems with no specific industry rule is 30 days. Federal-touching customers commonly set longer retention with explicit written retention policies.

What Tec-Tel does to comply with Maryland regulations

Video-only on cameras unless audio is documented with all-party consent under Md. Cts. & Jud. Proc. 10-402.
Posted surveillance notice at every public entrance.
No cameras in restrooms, locker rooms, dressing rooms, or any space where privacy is reasonably expected.
MODPA consent and notice language coordinated with the customer's privacy team for any biometric capture.
Retention configured to the regime that governs the industry (HIPAA, PCI, MCA, NDAA), with the facility's written retention policy attached.
NDAA Section 889-compliant vendor selection on federal-touching installs.
MSP-licensed contractor work where the install scope triggers Bus. Reg. 19-101.

This is a buyer-facing reference, not legal advice.

Security service in Maryland

Tec-Tel deploys AI-era security across Maryland with one accountable project manager owning design, install, and service to one standard. The cities below have local service detail, deal sizing, and a free consultation. Don't see yours? We cover the whole state.

Security in Baltimore, MD

Or browse the full city directory and nationwide coverage map.

Frequent buyer questions

Is Maryland a one-party or two-party consent state for audio recording?

Maryland is a two-party (all-party) consent state. Md. Cts. & Jud. Proc. 10-402 makes interception of an oral, wire, or electronic communication a felony unless all parties consent. The all-party consent requirement is well-established in Maryland case law. Most MD commercial camera installs go video-only on the cameras to keep audio out of scope, because all-party consent is hard to document on a camera that records continuously.

Does Maryland license alarm and security contractors?

Yes. The Maryland State Police Licensing Division regulates security systems technicians and certain related categories under Md. Code, Bus. Reg. 19-101 et seq. and COMAR 29.03.01. Local jurisdictions (Baltimore City, Baltimore County, Montgomery County, Prince George's County) often layer alarm permit and registration requirements on top of state licensure. Buyers should verify both the state license and local permit posture.

What does the Maryland Online Data Privacy Act require for biometric data?

MODPA (Md. Com. Law 14-4601 et seq.), effective October 1, 2025, applies to controllers conducting business in Maryland or producing products targeted to Maryland residents above defined thresholds. MODPA classifies biometric data as sensitive personal data and requires consent before processing. Covered controllers must provide privacy notice, honor consumer rights, and conduct data protection assessments for sensitive processing. MODPA also includes data minimization requirements that are more restrictive than several peer state laws. Enforcement is by the Maryland Attorney General; there is no private right of action.

What's the data breach notification rule in Maryland?

The Maryland Personal Information Protection Act (Md. Com. Law 14-3501 et seq.) requires notice to Maryland residents and the Maryland Attorney General following a breach of personal information. Personal information includes name combined with Social Security number, driver's license, financial account information, biometric data used for authentication, and similar identifiers. The MD AG publishes received breach notifications.

Do I have to give Maryland employees notice before monitoring them?

Maryland's two-party consent rule under 10-402 has practical implications for any employer audio recording. Pure video surveillance of common work areas is governed by the general expectation of privacy framework. Most MD employers issue a single workplace surveillance notice in the handbook covering cameras, badge access, computer monitoring, and call recording, and obtain written acknowledgment at hire to document the all-party consent posture for any audio capture.

What's the video retention requirement for Maryland cannabis facilities?

The Maryland Cannabis Administration (MCA) publishes camera coverage and retention rules for licensed adult-use and medical cannabis facilities under COMAR 14.17. Retention requirements are in the regulation and operators should pull the current MCA rules before designing the install. Most MD licensed operators retain at least the MCA minimum and configure VMS retention with a buffer.

Are there special rules for cameras in Maryland schools and federal contractor sites?

Maryland public schools follow federal FERPA (20 U.S.C. 1232g). Maryland hosts NSA Fort Meade, Aberdeen Proving Ground, NIH, FDA, and a substantial federal contractor base, all of which inherit NDAA Section 889, CMMC, CUI handling, and SCIF expectations on top of state law. SVPP and NSGP grant-funded camera projects at schools and houses of worship in Maryland carry NDAA Section 889 procurement requirements.

Start with a free consultation.

Tell us what you're protecting and what's already in place. The Tec-Tel team reviews it and comes back with a written plan.

Tell us how many sites you run and what's already in place. We'll show you what a build or upgrade looks like.

Straight answers from the team that does the work. We're platform-agnostic, so you get the system that fits your sites, not one brand's catalog.

Since 2010 · 1,000+ deployments nationwide · ISN-accredited

Book a free consultation 855-577-0400

Maryland security and surveillance regulations: what businesses must know

Camera-related state law

Security contractor licensing

Biometric data and MODPA

Privacy in the workplace

Video retention requirements

What Tec-Tel does to comply with Maryland regulations

Security service in Maryland

Frequent buyer questions

NDAA Section 889

NSGP grant installs

Virginia regulations

Pennsylvania regulations

New Jersey regulations

Start with a free consultation.

How can we help?