DoIT Policy/Standard #20-24 Page 1 of 2
Information Technology
Policy and Standards
Approved:
____________________ _________
Michael G. Leahy, Secretary Date
# 20-11
Electronic Communication Recording and Storage
Area(s): ☒ Process ☐ Procurement ☒ Security ☐ Hardware ☐ Web
☐ Facility ☐ End-User ☐ Software ☒ Network ☒ Data
☒ Voice ☐ Audit ☐ Other
Replaces Other Policy: ☒ No ☐ Yes
Purpose: Establish requirements for the recording and storage of electronic communications. The increased adoption
of online collaboration tools and the legal implications around the recording and storage of electronic communications
creates the need for this policy. Maryland law describes the conditions required to record electronic communications,
and the criminal and civil consequences that may result should one fail to comply.
Policy Statement:
Maryland law prohibits the recording of electronic communications unless all parties give consent and compels
governmental units to ensure appropriate safeguards are in place to protect the confidentiality of stored sensitive
information. Therefore, it is the policy of the State that:
1. The recording of electronic communications:
a. may only occur on platforms that are organizationally approved and managed by the State;
b. may only occur after participants have been notified and have either explicitly consented to the
recording or have been permitted the opportunity to leave the call;
c. are the property of the State of Maryland;
d. may be subject to inspection, in part or in whole, as a public record; and
e. must be made available to all participants on request.
2. The storage of electronic communications must:
a. meet the requirements for securing recorded data consistent with the data’s classification level;
b. be managed to ensure compliance with State and unit-level retention requirements;
c. have contractual SLAs describing the security, confidentiality, privacy, and availability commitments for
the information, if stored in a cloud environment; and
d. meet any applicable requirements of State and Federal law and regulations.
Applicable Law & Other Policy:
● Maryland State Finance and Procurement Code Ann. Title 3A
● Governor’s Executive Order 01.01.2019.07
● Maryland State Government Code §10-1301-1308
● Maryland Courts and Judicial Proceedings Code §10-402
● Maryland General Provisions Code §4-201-206
Scope and Responsibilities: All executive branch units of state government, except those identified in Maryland
Code, SF&P § 3A-302. Agency executives, managers and staff shall ensure compliance with this policy.
DoIT Policy/Standard #20-24 Page 2 of 2
Key Terms:
Department of Information Technology (DoIT): An executive branch unit of Maryland state government, organized
according to Maryland Code, State Finance and Procurement Article, § 3A.
Electronic Communication: Any communication using telephone, cellular telephone, voice over Internet Protocol (VoIP),
or video teleconferencing.
Explicit Consent: Consent that is received through an individual’s affirmative consent to the recording.
Implied Consent: Consent that is received through an individual’s continued participation following notification of the
initiation or prior activation of recording.
Policy: A statement of jurisdiction and methods to guide agencies in the management of IT resources and services.
Recording: The storage of audio, video, or text transcription of an electronic communication in any format.
Technical Specifications: Available at: https://doit.maryland.gov/policies/Pages/default.aspx
Policy Review: By the DoIT IT Policy Review Board annually or as needed.
Contact Information: Chair, IT Policy Review Board, doit-oea@maryland.gov 410-697-9724. The Policy #20-24
steward is the DoIT Chief Information Security Officer.
