Maryland Code, Local Government § 31-107

(b) Before approving a query, the manager, with assistance from technical experts identified by the executive committee, shall conduct an in-depth review of the proposed query for consistency with authorized purposes, alignment with evidence-based standards for equitable, ethical, and methodologically appropriate inquiries, and assessment of the benefits for and impact on the greater Baltimore City community.

(c) Before providing any data in response to a query, the manager shall obtain written approval from any provider of data to confirm that there is no reasonable basis to believe that de-identified data provided in response to a query could be used by a data recipient to successfully link de-identified data to a particular individual, based on the size or uniqueness of the population under consideration in the query, or otherwise.

(d) The manager shall ensure that the data management system and provided data are secure using security standards and protocols that address, at a minimum, data security and access, security incident and disaster recovery procedures, and recording and monitoring of system activity.

(e) The manager shall maintain appropriate administrative, physical, and technical safeguards that protect privacy, confidentiality, integrity, and availability of any data in compliance with the federal Family Educational Rights and Privacy Act and other relevant privacy laws and policies, including:

(f) The manager shall ensure that a query of the data management system:

(g) On request, the manager may provide technical assistance to data recipients regarding data received from the Baltimore City Youth Data Hub.