New Vermont Laws Set to Impact Data Brokers- What You Need to Know
As businesses, it’s crucial to stay ahead of regulatory changes that can affect how you manage consumer data. Vermont introduced new laws targeting data brokers, and these changes could have significant implications for how your company handles data and communicates with the state.
Starting January 1, 2019, Vermont’s breach notification laws began holding data brokers to a higher standard of transparency and security. A data broker is essentially a company that collects personal information about consumers it doesn’t have a direct relationship with, think internet browsing habits, public records, and other data points, and then sells or licenses this information to third parties. With the new law in place, Vermont is now requiring data brokers to adopt more robust information security measures and increase transparency about their data collection practices.
Under the new rules, data brokers must keep a record of any data breaches they experience and report these incidents to the state on an annual basis. This reporting will become part of the data broker’s required registration process with the Secretary of State. Along with reporting breaches, brokers will also have to disclose how consumers can opt-out of having their personal data collected or sold.
Perhaps the most significant aspect of this law is its definition of a "data broker breach." Unlike typical data breaches that only cover specific types of personal information, this law defines a breach as the unauthorized acquisition of a wider range of personal details, such as a consumer’s name, address, date of birth, mother’s maiden name, and even family member names or addresses. While this law does include exceptions, such as when the data is encrypted or acquired in good faith, it sets a broader standard for notifying the state and consumers about breaches.
For businesses, these new regulations will require careful attention to data security practices. Data brokers must implement a comprehensive information security program with the proper technical, physical, and administrative safeguards to ensure the protection of consumer data. While this may require an investment in security infrastructure, it’s an essential step in mitigating the risk of a breach and protecting both your business and your customers.
The law also introduces significant changes in how consumers can interact with data brokers. Vermonters will now have greater access to information about which companies are collecting their data and how to opt out of those practices. This transparency is designed to address concerns over the privacy risks associated with the widespread aggregation and sale of personal data. In addition, the law makes it illegal to acquire personal data with the intent to commit wrongful acts, such as identity theft or fraud.
For companies operating as data brokers in Vermont, staying compliant with these new requirements is essential. Not only does this legislation establish new reporting and security measures, but it also creates a precedent for other states that may soon adopt similar laws. It's a clear reminder that data privacy and security are becoming top priorities for both regulators and consumers.
Businesses that deal with consumer data, especially those who operate as data brokers, need to take immediate steps to ensure they are compliant with these regulations, from implementing security protocols to setting up clear opt-out processes for consumers. Keeping these obligations in mind will not only help protect your company from potential fines but also build trust with your customers by demonstrating a commitment to safeguarding their personal information.
© 2018 Cliclaw.com
(Image Credit: iStock Photo)
This article is for information purposes only. It is not intended to be and should not be relied on as legal advice for any particular matter.