Vermont’s Breach Notice Obligations for Data Brokers Take Effect

By Richard NewmanJanuary 3, 2019

Vermont’s recent data broker legislation mandates that registration must take place prior to January 31, 2019.

The law defines a “data broker” as a business that “knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom the business does not have a direct relationship.” Data brokers must maintain a record of “data broker breaches” and provide such information, as well as information about business operations, on an annual basis to the state as part of a new registration process.

Data brokers – businesses that aggregate data on individuals and sell or license it – will now have to set forth how they permit individuals to opt-out of having information collected, stored or disseminated. Data brokers will also have to, without limitation, develop and maintain comprehensive information security programs, train employees on computer security, encrypt transmitted records containing personal data sent across public networks.

Data broker breaches are defined more broadly that just “personal information.” For broker breaches, personal information also includes name, address, date of birth, place of birth, mother’s maiden name, and name or address of family members. The “broker breach” definition (i.e., when there is a duty to notify the state) imposes notice obligations when there is an unauthorized acquisition.  It does, however, contain encryption and good faith exceptions.

Takeaway: Marketers must bear in mind the law’s disclosure requirements for data brokers lay the foundation for a “deceptive act.” It requires notifying the state about a broader category of data breaches than what currently exists under the general breach notice obligations. Data brokers must register with state by end of January and national brokers should assume that they hold Vermonters’ data.

Informational purposes only. Not legal advice.

Other Stories You Might Like

How to Build a Cross-Channel Lead Generation Strategy in 4 Steps
September 11, 2019, 8:00 am

Digital Advertising and Marketing Strategies for Reaching the Modern Customer
September 10, 2019, 12:00 pm

3 Highlights from This Quarter’s For-Profit and Online Education Earnings
September 9, 2019, 8:00 am

Recent FTC Settlement Provides Valuable Lead Generation Compliance Reminders
August 30, 2019, 9:00 am

Q&A: Budreski on LTV, B2B Engagement & Proving Marketing’s Worth
August 29, 2019, 8:00 am

Three Tips for Lead Generation and B2B Conversion
August 27, 2019, 8:00 am

4 Steps to Careful Planning & Setup Before Launching a Lead Generation Campaign
August 26, 2019, 8:00 am

Are Your Lead Conversion Rates Above Average?
August 22, 2019, 8:00 am

Lead Generation: This Is How You Succeed
August 21, 2019, 8:00 am

GDPR: What Marketers Should Know
August 14, 2019, 8:00 am

© 2019 Access Intelligence, LLC – All Rights Reserved. ||