Maryland Online Data Privacy Act (MODPA) Awareness Course

Coming Soon: March 2026 Delivery: 100% online Duration: 35-40 minutes Certificate on Completion

0:00

15,000+ learners across our course collection. Immediate access on launch. 14 day 100% money-back guarantee.

Maryland has enacted what many consider the strongest consumer privacy law in the United States. The Maryland Online Data Privacy Act (MODPA), taking effect October 1, 2025, represents a paradigm shift in how US states approach data protection - particularly regarding sensitive data.

This course gives your team practical guidance on MODPA's groundbreaking requirements. We cover the absolute ban on selling sensitive data (where consent cannot override the prohibition), strict data minimisation requirements, unique geofencing restrictions near health care facilities, and the lower applicability thresholds that catch more organisations.

MODPA requires a fundamentally different approach to data handling than other state laws. The cure period sunsets in April 2027, so building robust compliance now is essential. No technical background required - just focused, practical training your team can apply immediately.

Why learn about MODPA?

Understand the absolute ban on selling sensitive data - consent cannot override
Comply with strict data minimisation - only collect what's "reasonably necessary"
Navigate the geofencing prohibition near health care facilities
Meet the lower applicability thresholds (35,000 consumers or 10,000 with data sales)
Prepare before the cure period sunsets in April 2027

Course features

Maryland-specific

Focused entirely on MODPA with Maryland-specific requirements, including the sensitive data sale ban and geofencing rules.

Practical scenarios

Real-world examples showing how MODPA's stricter requirements apply, including data minimisation challenges.

Up to date content

Based on the enacted 2024 legislation with all provisions covered ahead of the October 2025 effective date.

Official sources

Built from the Maryland Code and official guidance, with references to authoritative documentation.

Learning with us

Course information

Learning outcomes

Understand when and how MODPA applies to your organisation
Know the rights Maryland residents have over their personal data
Comply with the absolute ban on selling sensitive data
Implement data minimisation to meet the "reasonably necessary" standard
Navigate geofencing restrictions near health care facilities
Understand enforcement and the cure period timeline

Training recommendations

All employees who handle customer data should complete this training before the October 2025 effective date.
Teams involved in data monetisation or sensitive data processing require this training urgently.
Annual refresher training is recommended, especially as the cure period sunsets in April 2027.

This course is recommended for

Employees who handle customer data at organisations that conduct business in Maryland or target Maryland residents. This includes marketing, sales, customer service, HR, IT, compliance teams, and anyone involved in data collection or monetisation strategies.

Prerequisites

There are no prerequisites for this course. No legal or technical background is required.

What do I need for this course?

This course is 100% online and delivered through our online learning platform. Organisations can also access this content via their own LMS on request (SCORM format available).

Course content

Section 1: Understanding Maryland's Groundbreaking Privacy Law

In this section we introduce the Maryland Online Data Privacy Act and explain why it represents a paradigm shift in US privacy law. We cover the law's effective date, who it applies to, and the key concepts that make it the strongest state privacy law.

Lessons

Introduction to MODPA
Why MODPA is the strongest state privacy law
When the law takes effect (October 1, 2025)
Who the law applies to
Key definitions explained

Section 2: Consumer Rights Under MODPA

Maryland residents have robust rights over their personal data. In this section we cover what those rights are, how to recognise a valid request, and what your obligations are when you receive one.

Lessons

The right to confirm and access
The right to correct inaccurate data
The right to delete personal data
The right to data portability
The right to opt out of sales and targeted advertising
Responding to consumer requests (45-day timeline)

Section 3: The Sensitive Data Sale Ban

MODPA takes the unprecedented step of banning the sale of sensitive data entirely - consent cannot override this prohibition. We explain what this means for your organisation.

Lessons

What is sensitive data under MODPA?
The absolute ban on sensitive data sales
Why consent doesn't override the ban
Practical implications for data monetisation
Children's data protections

Section 4: Data Minimisation Requirements

MODPA goes beyond other state laws by requiring true data minimisation. Learn what data you can collect and why the "reasonably necessary" standard matters.

Lessons

The strict data minimisation requirement
What is "reasonably necessary"?
Prohibited collection practices
Practical compliance strategies

Section 5: Geofencing and Health Facility Protections

MODPA includes unique geofencing prohibitions around health care facilities. Learn what these restrictions mean and how to comply.

Lessons

The geofencing prohibition explained
What counts as a health care facility
Prohibited data collection near health facilities
Location data compliance

Section 6: Controller and Processor Obligations

This section covers the operational requirements of MODPA including data protection assessments, security obligations, and working with third-party processors.

Lessons

Data protection assessment requirements
Security requirements
Processor contract requirements
Privacy notice obligations

Section 7: Enforcement and Compliance

Understand the enforcement landscape, the cure period structure, and what penalties look like under MODPA.

Lessons

Attorney General enforcement authority
The cure period (expires April 2027)
Civil penalties explained
No private right of action
Building a compliance programme

Section 8: Assessment

Test your knowledge with scenario-based questions covering all the key MODPA concepts from the course.

Lessons

Knowledge check (10 questions)

How it works

Step 1

Get notified

Sign up to be notified when this course launches. You'll be among the first to know and can start training your team immediately.

Step 2

Start learning

Each team member will have access to the learning materials and assessment. On completion of the course, team members will be issued with a certificate.

Step 3

Stay compliant

As MODPA takes effect and the cure period approaches its sunset, we'll update the course. Trainees can review updated materials to stay current.

What's included

Training

Distraction-free online learning platform
Scenario-based end of course assessment

Updates

Access to all course material updates and enhancements for the length of your access period

Certification

Certificate on completion

Course FAQs

Will I get a certificate?

Yes, on completion of the course you will be issued with a digital certificate. It will be issued by our team shortly after completion of the course including the end of course assessment. You can add this to your LinkedIn profile.

Who should take this course?

This course is designed for employees who handle customer data at organisations that may be subject to Maryland's privacy law. This includes marketing, sales, customer service, HR, and IT teams - especially those involved in data monetisation or sensitive data processing.

When does MODPA take effect?

The Maryland Online Data Privacy Act takes effect on October 1, 2025. Given its strict requirements, organisations should begin preparing now to ensure compliance by the effective date.

Does MODPA apply to my organisation?

MODPA applies to organisations that conduct business in Maryland or target Maryland residents, AND either: (a) control or process personal data of 35,000+ Maryland consumers (excluding payment transactions), or (b) control or process data of 10,000+ Maryland consumers and derive over 20% of gross revenue from selling personal data.

What makes MODPA different from other state privacy laws?

MODPA is considered the strongest US state privacy law. Key differences include: an absolute ban on selling sensitive data (consent cannot override), strict data minimisation requirements, geofencing prohibitions near health care facilities, and lower thresholds for applicability. The cure period also sunsets in April 2027.

Is there a money back guarantee?

Yes, we offer a 14-day 100% money-back guarantee. If you are not satisfied with the course for any reason, simply contact us within 14 days of purchase for a full refund.

How long does the course take?

The course typically takes 35-40 minutes to complete. You can pause and resume at any time, and your progress is automatically saved.