Maine’s Privacy Line in the Sand

(A note from a small business owner who doesn't need your data to do the job.)

I've got a feeling we're walking into one of those weeks where the political weather changes fast—like Maine in spring, when you leave the house in a hoodie, come back sunburned, and still hit black ice in the shade.

You can feel it in the way people talk. Less "did you see that?" and more "okay… so what happens now?" The public mood has shifted into that tense space where trust is low, stakes feel high, and everyone assumes somebody's trying to slip something through.

That assumption doesn't come out of nowhere.

Whether it's new court rulings that slow down executive reach, states pushing back in their own lanes, or Congress using procedural shortcuts to keep certain fights off the floor—the checks and balances are moving. Everywhere.

Not cleanly. Not calmly. But they are moving.

Maine's move: "Collect only what you actually need."

Here in Maine, that pushback has a name: LD 1822, the Maine data privacy bill that narrowly passed the House and moved to the Senate.

What I keep coming back to is the principle at the heart of it:

If you don't need it, don't collect it.

Most privacy laws just build higher fences around the data you've already stolen. Maine is trying something different: Data Minimization. Because once data exists, it can be breached, subpoenaed, or "reinterpreted" under a new rule next year. The best protection isn't a better password; it's an empty database.

That sounds simple because it is simple. It's also the one privacy policy that still works even when everything else gets complicated. Because once data exists, it can be:

• sold

• breached

• subpoenaed

• repurposed

• "reinterpreted" under a new rule next year

So if you want real privacy, the best move isn't building higher fences around the data.

It's collecting less of it in the first place.

The Maine Privacy Cheat Sheet (LD 1822)

For those of us trying to keep the lines straight.

If this bill crosses the finish line by the April 15 deadline, the "Maine Way" becomes the law of the land. Here's the breakdown:

• The Threshold: It applies to businesses handling data for 35,000 Mainers. In a state our size, that's a low bar—it catches more than just the "Big Tech" giants; it catches anyone aiming for scale.
• The "Strictly Necessary" Standard: This is the hammer. For sensitive data (like your health, religion, or orientation), companies can't just ask for "consent" in fine print. They are legally barred from collecting it unless it is strictly necessary to provide the service you asked for.
• The 1,750-Foot Rule: The bill specifically bans selling precise geolocation data (anything within about a third of a mile). No more tracking your exact movements just to sell you a sandwich coupon.
• The "Cure" Period: Business owners get a grace period until April 1, 2027, to fix violations before the Attorney General steps in. It's a "fix it or else" policy, not a "gotcha" policy.

The part business owners should care about: clarity

Now here's where the conversation gets messy—because the minute a state tries to set boundaries, somebody says:

"This is going to be too hard on business."

And I get why that lands. Small businesses don't have compliance departments. We don't have in-house counsel. We don't have time to decode standards written for companies with legal teams on standby.

But that's exactly why I'm paying attention to what's happening federally at the same time.

Washington's move: the "fast lane" with no amendments

This week, Congress is pushing at least one small business AI bill using a fast-track process known as Suspension of the Rules. Translation: quick vote, limited debate, and no floor amendments.

That matters because it's not only about passing "helpful" bills quickly.

It's also about controlling what can't get attached.

No privacy hawk amendments. No messy public fight. No last-minute safeguards that make leadership uncomfortable.

Just smooth passage.

And the weirdest part? Sometimes the bills are labeled "voluntary" standards—but the minute a federal "gold standard" exists, it doesn't stay voluntary for long.

Because then the standard gets used by:

• insurers (coverage decisions)

• vendors (software requirements)

• procurement (contract eligibility)

• lawsuits (what "reasonable" should have been)

Voluntary becomes de facto mandatory… without ever saying the quiet part out loud.

So what do we actually want? A balance.

Here's the tradeoff I'm trying to name plainly:

• National standards can make it easier to do business across state lines.

• But national standards also shift enforcement power upward—toward federal agencies, federal politics, and federal incentives.

Simplicity for business…

versus the risk of federal reach into our data.

I'm not pretending I know the perfect line. I'm just saying the line exists.

And in my mind, the best compromise is the one Maine is at least trying to lead with:

Only collect what's necessary.

Because if we can agree on that as the baseline—state or federal—we reduce the amount of damage that can be done later, no matter who's holding power.

The Pine & Shine Standard: Privacy as a Service

Here's what I know as a small business owner:

I don't need to "data harvest" to clean a house.

I need:

• your name

• your address

• how to get in

• what matters to you (pets, allergies, priorities)

• how to invoice you

That's it. I don't need your browsing history or your political leanings to scrub a bathtub.

I can reflect Maine's stance in my business practices—whether LD 1822 passes or not.

Not because it's trendy.

Because it's respectful.

And because we're living through a time where the old assumption—that there are guardrails—doesn't feel as solid as it used to.

The Maine Lesson

Maine has always been a little protective. Sometimes that protectiveness has slowed growth, sure.

But there's also something steady about it: slow, controlled, sustainable.

The kind of growth where you don't sell off the whole farm to make next quarter look pretty.

And maybe that's the best "Maine lesson" in this moment:

Don't hand over more than you need to.

Not your money.

Not your land.

And definitely not your data.

—

Spring in Maine teaches you not to trust a forecast—but to prepare anyway. Privacy is the same: the best protection is what you build upfront, before the storm hits. That's how I'm building Pine & Shine: the Maine way—clear rules, minimal collection, and no extra information I wouldn't want floating around about me, either.