Maine’s Data Privacy Law

For an assignment at The Fletcher School in Spring 2024, I provided the following brief on Maine’s LD 1977 “An Act to Create the Data Privacy and Protection Act.” The legislation “died” in the 131st Maine Legislature.


            The 131st Maine Legislature, Second Regular Session, is taking testimony and comment on four distinct proposed privacy laws: LD 1705, LD 1902, LD 1973, and LD 1977. Among these four competing proposals, LD 1977 has attracted attention as the “strongest data privacy law in [the] nation” if passed (Quinlan 2024). State and national organizations, from L.L. Bean to Financial Industry Regulatory Authority (FINRA), have voiced concerns ranging from Constitutional issues to specific implementation details.


            LD 1977, submitted by State Representative Maggie O’Neil of Saco, was modeled after the failed federal 2022 American Data Privacy and Protection Act and continues the Legislature’s engagement on consumer privacy and data security over the past seven years (Quinlan 2024). O’Neil, in a 2024 ACLU of Maine press release, stated several of the objectives of the legislation: creating “guardrails for what companies can do with […] personal information” and giving Mainers “choices about how [their] personal information is collected and used.” Beyond the public messaging on LD 1977, the bill text itself reveals concerns about organizations collecting, processing, and transferring individuals’ sensitive data (§9605) and the imbalance of power between individuals and large organizations (such as high-impact social media companies).

            The current legislative draft proposes to regulate companies and ensure individuals’ control over their data through three broad approaches: data minimization, affirmative consent on collection and transfer, and enforcement.  The legislation defines a relatively broad category of “covered data” (covered, in this context, means within the scope of the legislation) that includes information that that uniquely identifies an individual (or could be used to identify an individual when combined with other data). Organizations above a certain size (excluding small business and government) are required to minimize collection, processing, and transfer of the covered data to what is “reasonably necessary and proportionate” (§9604) to the service being offered to the individuals.  Certain covered data that is considered “sensitive” is further constrained to “strictly necessary to provide” (§9605) a service. These two sections describe the data minimization requirements, with the first sharing similar language with the California Consumer Privacy Act and the second more stringent.

            The primary lever proposed to balance power between individuals and large organizations is the requirement for unambiguous affirmative consent (§9609). Individuals would retain extensive control over the processing and transfer of covered data, including protection for corrections/deletion, and be granted protection from retaliation for exercising rights under the law. Organizations must obtain affirmative consent from the individual, which can be withdrawn at any time, to process data for a different purpose, transfer data to a third party, or display targeted advertising to an individual. Control over one’s data, whether it’s sensitive or generally privacy impacting, has not been possible in this context within the United States. Section 9609 fundamentally advances the interests of the individual and codifies a stronger definition of consent.

            The third leg of the legislation’s regulatory framework is enforcement. Civil actions can be brought by government officials (state Attorney General, district attorneys, or municipal counsel) or individuals. Overall, the Attorney General plays the most important role representing the interests of the citizens of Maine, including managing large data holder certifications of internal controls, registrations of data brokers, algorithm assessments, and more. The individual’s role in enforcement is not overly circumscribed, but for a small business exclusion, and individuals right to act together is protected.

            While it is rare for legislation to work precisely as intended, especially once subjected to the wide variety of real-world situations and judicial scrutiny, LD 1977’s application of concepts from proposed federal legislation and informed by other state’s laws should re-balance the power dynamic between individuals and large organizations regarding the individual’s data and privacy. As the primary enforcement mechanism is the intervention of the Maine Attorney General, an organ of the state will act on behalf of individuals to restrain inadvertent or overt overreach by large organizations.

            The legislation will be challenging to implement and will draw legal challenges because privacy law in the United States is caught between national level delay and state level dynamism. Privacy and speech rights are likely to clash and federal preemption may be a threat to the long term viability of the legislation in Maine.


            There are several areas in which LD 1977 could be improved:

  1. Administrative rulemaking is referenced obliquely in the draft (the language “rule[s] adopted under this chapter” appears in three sections) and therefore the entity responsible for rulemaking should be named within the legislation. For example, Title 10 Maine Revised Statutes Chapter 308 §1682 definitively names the Attorney General (“The Attorney General may adopt rules necessary to implement this chapter.”).
  2. The Attorney General’s Office should be required to publish implementation guidance for algorithm assessments and privacy impact assessments ahead of the Section 2 deadlines.
  3. The Legislation should analyze whether entity level exclusion for organizations operating under federal Gramm-Leach-Bliley Act (GLBA) and HIPAA/HITECH is appropriate due to preemption concerns and avoidance of unneeded legal challenges. 
  4. Additional attention should be given to harmonization with applicable case law and existing Maine law, specifically regarding employer access and 35-A MRSA Chapter 94 (Broadband Internet Access Service Customer Privacy). The latter, while regulating a more specific person, could overlap with the “large data holder” definition within LD 1977.

As LD 1977 progresses through the session, the prohibition on arbitration (§9620(3)) should be maintained. According to many consumer advocates, arbitration and the contracts that demand arbitration benefit companies over consumers (National Association of Consumer Advocates 2024). 


ACLU of Maine. (2024, February 4). Many States Get Failing Grade on Data Privacy, Maine Lawmakers Could Earn an A [Press release].

Me. 131st Legislature, Second Reg. Sess., L.D. 1977, “An Act to Create the Data Privacy and Protection Act” (2023).  

National Association of Consumer Advocates. (2024). “Arbitration.”

Quinlan, K. (2024). “Maine could have strongest data privacy law in nation if bill passes”. StateScoop

Making Danish Aebelskivers

Over the past three years, my housemate Ted has been acquiring more and more Lodge cast iron cookware. The collection has grown to about a dozen different pieces, from chicken fryer to wok. The latest addition is an obscure and extremely specific piece of cookware called a Danish æbelskiver pan.

Aebelskiver Pan

Aebelskiver Pan

The æbelskiver is a Danish desert which is akin to a pancake ball. Traditionally, they would include a little bit of apple (æbel) inside, but we did not attempt that for our first time out. Not too terribly sweet themselves, these light and deliciously buttery puffballs would go well with jam and powdered sugar. We skipped the jam and just used maple sugar.

Danish Aebelskivers (courtesy Lodge)

Yield: 4 servings


  • Mix Dry Ingredients
  • 2 Cup
    Soft wheat flour (or unbleached flour or half and half)
  • 1/2 tsp
  • 2 tsp
    Baking Powder
  • 1/4 tsp
    Baking Soda
  • 1 tsp
  • 2 tbsp
    Sugar (we used Maple Sugar)
  • Mix Wet Ingredients
  • 1 3/4 Cup
  • 1/4 Cup
    Frangelico (Hazelnut Liquor)
  • 2
    Egg Yolks (reserve white in separate bowl)
  • 1 tsp

Cooking Directions

  1. After separating the eggs, beat the white until stiff peaks.
  2. Combine dry and wet ingredients until smooth then gently fold in beaten egg whites.
  3. Bring the aebelskiver pan to medium (or just below) heat and then add 1/2 tsp of butter into each cavity. Once the butter has melted, spoon in enough batter to partially fill the cavity (generously rounded tablespoon).
  4. Allow the batter to cook until crispy on the sides (the signs to look for are slight bubbling within the batter and cupping). Then use a skewer or chopstick to loosen the aebelskiver from the side of the cavity and spin about a quarter turn.
  5. Repeat the turning procedure approximately every minute until the outside of the aebelskiver is uniformly golden brown and delicious.
  6. Remove from the pan, dust with maple sugar, and serve hot!

So buttery!

So buttery! 

Ready to eat.

Ready to eat.

Bao Bao Dumpling House

Now, in my occasional series of posts where I eat food and write about it, Bao Bao Dumpling House (133 Spring Street, Portland, ME). As seems to be the pattern, I met up with my friend Jim after a long day of driving to eat!

I found the location easily (the sign is well lit and large), near the sad remains of Miyake Diner, and there was a reasonable queue already at the door. The maître d’, Chris, took my name and number and informed me that at worst there would be a 30 minute wait to be seated. While waiting, I met up with Jim and I prepped him about the history of Bao Bao. The head chef and co-owner, Cara Stadler, is a staple of the Brunswick food scene. Her restaurant Tao-Yuan is well respected and has significant cache in the southern midcoast. The opening of Bao Bao was highly anticipated, especially with some unexpected delays this year.

The call for seating came quicker than promised and we scrambled to get to the door. Inside, the seating (in black) ranges from comfortable wall benches, a large party corner with a lazy Susan, to small pie slice tables suitable for two. The low bar is inviting with beautifully lit rice-paper backgrounds behind the bottles. On the wall above the benches a large, long golden dragon sculpture speaks to the joy and passion of the restauranteur.

Once seated, we were greeted promptly by our server Zoe and brought a carafe of water. The menu immediately makes obvious the reason for coming to Bao Bao — dumplings, lots of them. With options for pan fried or boiled, the dumplings were priced attractively (starting at $6.08 for six) and the variety would satisfy vegetarians and hearty eaters. We ultimately selected the following:

  • Pan Fried Chicken Cashew
  • Pan Fried Beef Curry
  • Pan Fried Lamb Peanut
  • Pan Fried Tofu with Cilantro
  • Boiled Pork & Cabbage
  • Shao Mai

Our selected beverages (Founders All Day IPA and Fatty Bampkins cider) were served quickly and the dumplings followed in rapid succession. The next time I go, I think I’ll time the ordering and delivery a bit more — at a small table it was easy to become overwhelmed with plates.

Available at the table were soy sauce and good chili oil, both good complements to some of the less potent tasting dumplings (i.e. Chicken Cashew). The Lamb Peanut had a good taste, but the texture of the peanut was somewhat challenging and it seemed that the lamb was a little overcooked (this dumpling was the only one where the contents easily slid from the wrapper). The Tofu/Cilantro and Pork/Cabbage were quite easy to eat and needed no adulteration. Importantly, the dough used for the wrapper is relatively neutral and didn’t damage the taste of the dumplings. The Shao Mai were nicely steamed and satisfied as they should. We quickly came to the conclusion that the Beef Curry dumplings suited us the best, followed closely by the Tofu/Cilantro.

I’d suggest that 36 dumplings for two people is a little too much — there wasn’t much space to try an appetizer or dessert. It’s hard to resist the dumplings, though, as the taste and texture are great! I highly recommend visiting Bao Bao and trying the wide variety of dumplings (natch) and the very interesting appetizers.

Cost: $28/person, not including tip.

Posted in Uncategorized | Tagged

Food adventures.

Back in 2012, I first visited Pai Men Miyake and raved about their noodles and pork buns. Since then, I’ve returned multiple times and sampled additional menu items. My most recent visit I ventured into trying the brussels sprouts. The sprouts, quickly deep fried and tossed with a fish sauce vinaigrette, cilantro, and mint, are a delightfully salty complement to beer. The dish was quickly demolished. Later, my friend Jim Troutman joined me and had already discovered how tasty the sprouts are. It was a great time.

Brussels  CutToday, I had to deal with my collection of brussels sprouts that are taking up space in the fridge. Harkening back to my last visit to Pai Men Miyake, I decided to try my own version of their deep fried sprouts. I prepared the sprouts and cut the larger ones in half.

One of my housemates recently purchased some grape seed oil. I have had a hankering to try it out and it’s supposed to be a good frying oil — in the cast iron it went! I set the stovetop at about medium heat and let the pan and oil come up to temperature. Then, I added the brussels in small batches. The first batch, of course, ended up a little darker than I wanted, but the second looked great! For best effect, a couple un-cut small brussels sprouts should be allowed to cook through — they’ll have a nice “pop”.Frying Brussels

At the suggestion of Morgan, the first attempt was a mix of Maine maple syrup, soy sauce, ginger, and a little sriracha. Totally delicious, but a little too salty. The second, again tweaked by Morgan, contained Maine maple syrup, worcestershire sauce, ginger, and more sriracha.

The third version, to my mind, ended up a total winner. It contained a dab of ginger paste, about half a tablespoon of maple syrup, soy sauce, and rice vinegar, and sriracha to taste.

Cooked Brussels Dressed

Needless to say, the brussels sprouts disappeared into hungry mouths rather quickly.

Since I had left over frying oil, I took a couple chicken breast cutlets, coated them in mayonnaise and chipotle panko, and gave them a quick fry. The chicken ended up moist on the inside and had a nice crunch on the outside. The oil was a little too hot for the panko, but the slight burning didn’t spoil the dish too much.

Chipotle Panko coated Chicken with Brussels Sprouts



The obscurity of open source software projects.

With all the sturm und drang about the OpenSSL so-called Heartbleed vulnerability, I spent a good chunk of the previous week examining servers I own or maintain to determine whether I’ll need to upgrade, regenerate/revoke certificates, etc. It has not been pleasant, nor easy.

The challenge of maintaining infrastructure that seems to hum along without intervention can’t be overstated. In my personal and work life, turn up of servers is not a day-to-day occurrence. Maintenance work gets slotted into the “do when there is slack time” column. And since those servers just keep chugging along without too much noise, they don’t rise up and get noticed. The unfortunate side effect of this is a slow, but steady, growth in open attack vectors on those critical infrastructure elements.

The obvious way to deal with this “low priority/high importance” work is to aggressively schedule it and get buy in from management and one’s personal scheduler. It always takes more time than estimated to perform these maintenance tasks, because of changes in software features and operation — and sometimes obsolescence. The problem of obsolescence is the most dogged one, I believe.

Cacti Logo

I’ve used Cacti for many years to graph SNMP interface statistics, traffic, and memory usage collected from Linux, Cisco, and Zhone platforms. It’s a PHP application utilizing the LAMP stack and is lightweight and easy to use. In the chronology of web based graphing of SNMP data, Cacti came after MRTG/RRDTool and allowed for easy creation and viewing of graphs from a web front end. Over the years, the pace of development and release cadence has slowed where the last released version was in August 2013. Since then, there seemingly has been a major restructuring of the code, but I can’t determine where the project is going.

There are tons of projects like this, powering important parts of the Internet’s infrastructure. Each with communities that swell and wane as itches are scratched and new challenges found. Right now, ElasticSearch and the “ELK Stack” are hot and cool and fast — and quite useful — but in 5 years will there even be a way to download the code reliably or documentation that reflects the way the code actually works? I discovered OSSEC last year and was blown away by the completeness of the solution and the excitement of those who had been using it. But now the support of Trend Micro may be in doubt. Will the project sink into obscurity as attention wanes?

There are big challenges for those who must maintain infrastructure built on these tools. As the different software stacks “evolve” on different timelines, it falls to the users/administrators to step up and dig deeper into the code and discover, document, and attempt to correct problems. This is the lifecycle of FLOSS software and, upon writing this entry, I think that it’s a damn good thing (compared to the pay and pray model with commercial software).

Posted in Uncategorized | Tagged ,

Date Nut Pudding

Date Nut Pudding (courtesy K. Williamson)


  • 1 C All Purpose Flour
  • 1 C Sugar
  • 2 Tbsp Baking Powder
  • Pinch Salt
  • 1 C Dates (Chopped)
  • 1 C Walnuts (Chopped)
  • 1/2 C Whole Milk
  • 1 1/2 C Boiling Water
  • 1 C Brown Sugar
  • 2 Tbsp Butter

Cooking Directions

  1. Preheat oven to 350° F.
  2. Grease and flour a deep casserole pan or baking pan (must be at least 4 inches deep).
  3. Blend flour, sugar, baking powder, salt, dates, and walnuts together in a large bowl.
  4. Make a well in the middle and add milk.
  5. Mix with wooden spoon or spatula till well blended.
  6. Pour batter into prepared casserole dish.
  7. Melt butter and brown sugar in boiling water.
  8. Slowly pour over batter in casserole dish.
  9. Bake for 60 minutes or until toothpick inserted into cake comes out clean.
  10. Serve warm or at room temperature with freshly made whipped cream.

Pai Men Miyake

My wonderful oldest sister, Tika, invited me on a Portland Foodie Walking Tour today. After the long walk and samples of some of the great variety of edible treats available, I gained a rather large hunger that could only be sated by ramen.

About two weeks ago, I read Emily Burnham’s review of Pai Men Miyake and it just so happened that I ended up there for a late lunch, accompanied by my boyfriend Paul. It was about fifty degrees Fahrenheit in downtown Portland — but the warm, moist air of the noodle shop immediately fogged up my glasses. As they cleared, I saw a very inviting ramen-ya with a generous bar, comfortable seating for couples and groups, and some of the coolest wall materials I’ve seen.

The waitstaff was quiet, yet attentive, and soon Paul and I had settled on the following:

  • Appetizer: Pork Gyoza and Pork Buns
  • Main: Paitan Ramen

The pork buns ($9 for two) were served first. The unctuous pieces of braised pork belly floated on delicate steamed buns with a slightly hot pepper relish on top. I’ve not had pork belly so rich in flavor and so amazingly tender. The whole plate was consumed in less than a minute and I could have had four more, but I knew I needed to keep room for the coming bowl of ramen.

I enjoy gyoza, making them and consuming them, and they’re a good measure of the sensibility of the chef. This set was perfectly constructed and cooked — the sear on the bottom was uniform and crispy and the tops were pleated professionally. The taste, though, was understated. I like my gyoza to have a bit of a gingery punch, these gyoza were mild enough to require the use of a dipping sauce. Perhaps the chef intended these to be a counterpoint to the over-the-top richness of the pork buns and, if that is true, they provided that counterpoint appropriately.

Or perhaps the gyoza were the counterpoint to the ramen. Oh! The ramen! The paitan ramen ($9.50) arrived in wide mouthed bowls allowing the scent of pork and chicken to waft out in waves of wondrous goodness. The broth was thick with well emulsified fat and surrounded a generous helping of noodles, topped with a chilled, soy-marinated hard boiled egg, pork belly, spring onions, and nori.

As I rearranged the components of the ramen with my chopsticks, it was easy to appreciate the thought that went into composing this dish. The broth, as noted above, was even and the perfect temperature for immediate consumption. The yolk of the egg stood out, a bright orange yellow, in the surrounding drab white. And the pork belly seemed to slowly melt while I watched. Lastly, the noodles — kinky and yellow and in reasonable lengths — were exactly as they should be: firm to the caress of the chopsticks and al dente in the mouth.

A great slurping commenced as the noodles became fodder for my eager mouth. Yes, these are what good noodles should be. Somehow, they transport the broth’s essence along with them, like… like… well, like something awesome. Maybe it’s a kind of capillary action or velvet highway. Anyway, the noodles were great! The egg, chilled and waiting, provided a little break from the slurping and the pork belly continued to exude a serene porkiness into the bowl.

Paul struggled with the noodles for a bit, but once he switched to using the provided soup spoon, he had much better luck. I finished my bowl quickly, adding chili garlic paste ($1.50) half way through to mix things up. I didn’t get as much heat from the paste as I expected, but I received a generous portion on the side and could likely have reached a fiery pinnacle if I mixed it all in at once.

Will I return to Pai Men Mikayke? Yes, certainly. There are more variations of ramen and soba to try and a variety of appetizers that definitely require sampling. It’s great to know that delicious ramen is just around the corner in Portland.

Potstickers / Gyoza

One of my absolute favorite “party foods” are potstickers, also known as gyoza or pork dumplings. These little snacks cook quickly, are a breeze to prepare, and are consumed like candy.

I suggest using a sheet pan to store the dumplings and a non-stick frying pan with a tight fitting lid for cooking. You can prepare a batch of dumplings ahead of time and cook them to order — and you really should, because these are best consumed right off the stove (and they usually don’t stay on a serving plate too long because they’re too tasty!).



  • 3 cups Napa Cabbage (Shredded/Minced) approx. half a head
  • 3/4 tsp Salt
  • 3/4 lbs Ground Pork
  • 4 Minced Scallions
  • 2 Egg Whites (lightly beaten)
  • 4 tsp Soy Sauce
  • 1 1/2 tsp Grated Fresh Ginger
  • 1 Medium Garlic Clove (Minced)
  • 1/8 tsp Black Pepper

Cooking Directions

  1. Toss cabbage with the salt in a colander set over a bowl and let stand until cabbage begins to wilt, about 20 minutes.
  2. Squeeze out any excess moisture with your hands or spatula, then transfer to a medium bowl.
  3. Add the remaining filling ingredients and mix thoroughly to combine.
  4. Cover with plastic wrap and refrigerate until mixture is cold, at least 30 minutes or up to 24 hours.
  5. Working with 4 wrappers at a time (keep the remaining wrappers covered with plastic wrap), fill, seal, and shape the dumplings using about 1 teaspoon of the chilled filling per dumpling.
  6. Transfer the dumplings to a baking sheet and repeat with the remaining wrappers and filling; you should have about 24 dumplings.
  7. Line a large plate with a double layer of paper towels; set aside. Brush 1 tablespoon of the oil over the bottom of a 12-inch nonstick skillet and arrange half of the dumplings in the skillet, with a flat side facing down (overlapping just slightly if necessary). Place the skillet over medium-high heat and cook the dumplings, without moving, until golden brown on the bottom, about 5 minutes.
  8. Add 1/4 cup of the water, and cover immediately. Continue to cook, covered, until most of the water is absorbed and the wrappers are slightly translucent, about 4 minutes. Uncover the skillet and continue to cook, without stirring, until the dumpling bottoms are well browned and crisp, 1 to 2 minutes more. Slide the dumplings onto the paper towel-lined plate, browned side facing down, and let drain briefly.
  9. Make some more!
Posted in Uncategorized | Tagged

First Days

I’ve now started working at the largest employer in my work history. The first day was consumed by human resources “stuff” (sexual harassment training, policy manual, paperwork) which I’ve never really had at my previous employers. Then, in a significant challenge to my name/face memory, I was introduced to 15+ other employees. My brain hurt.

I have a prox. badge, an email account, a laptop, and a good idea what the next weeks will bring. So far so good!

Posted in Uncategorized | Tagged

Difficulty Leaving

I’ve officially not been working since last Friday, but I’m still trying to separate myself from my old employer. It’s a little tougher than I thought it would be. My initial plan was to go into work over the weekend and clean my desk, prepare some RMAs, and make a clean break. That plan did not get executed.

Over the weekend, instead, Christmas trees were acquired, social goodness was continued, and quick trips were made. That leaves me with the frustrating task of going into the old office during work hours to take care of these remaining tasks.

This week was supposed to be open, so I could do housework, plumbing, cleaning, and preparations for the new job. So far, I’ve failed at keeping to those simple tasks.

Posted in Uncategorized | Tagged