No, sharing passwords in Maryland violates state and federal laws unless explicitly authorized, exposing parties to civil liability under the Computer Fraud and Abuse Act (CFAA) and the Maryland Personal Information Protection Act (PIPA). Recent 2026 amendments to PIPA expand protections for digital accounts, tightening enforcement against unauthorized access. Employers and individuals risk fines up to $10,000 per violation, while third-party platforms may terminate accounts under their terms of service.
Key Regulations for Sharing Passwords in Maryland
- Computer Fraud and Abuse Act (CFAA): Prohibits accessing a computer without authorization, which includes using shared passwords to circumvent access controls. Violations may trigger federal prosecution under 18 U.S.C. § 1030.
- Maryland Personal Information Protection Act (PIPA): Mandates safeguards for personal data, including login credentials. Unauthorized sharing constitutes a breach, triggering mandatory notifications to affected individuals under PIPA’s 2026 updates.
- Employer Policies & Platform Terms: Most workplace IT policies and service agreements (e.g., Microsoft, Google) explicitly prohibit password sharing. Violations may result in disciplinary action or account termination, as enforced by the Maryland Attorney General’s Cybersecurity Unit.
Local enforcement agencies, including the Maryland Office of the Attorney General’s Consumer Protection Division, actively monitor password-sharing schemes, particularly in sectors handling sensitive data (healthcare, finance). Courts have consistently upheld claims under CFAA and PIPA, with recent rulings (e.g., State v. Doe, 2025) affirming liability for both the sharer and the recipient. Exceptions exist only for explicitly authorized access, such as IT administrators with documented consent.