Vermont Data Broker Registration Due January 31, 2019

January 31, 2019

Vermont Data Broker

On May 22, 2018, the State of Vermont enacted House Bill Number 764 (the “Bill”) to, among other things, regulate how Vermont data brokers collect consumer data and sell that information to third parties. The Bill went into effect on January 1, 2019, giving Vermont data brokers until January 31, 2019, to register as data brokers with the Vermont Secretary of State. If data brokers fail to register (and pay the annual $100 registration fee), they are subject to a penalty of $50 per day until registered, not to exceed a penalty of $10,000 per annum. In addition to registration fees, Vermont data brokers are required to annually provide information concerning their data collection activities, opt-out policies, purchaser credentialing practices, and any security breaches.

Who are data brokers within the meaning of the Bill? 

Defining Vermont “Data Brokers” 

The Bill defines a data broker as “a business . . . that knowingly collects and sells or licenses to third parties the brokered personal information of a [Vermont] consumer with whom the business does not have a direct relationship.” Please note that it was the intention of the Vermont Generally Assembly to narrowly tailor the definition of data broker. As such, the following conduct is not considered data brokering activity:

1) developing or maintaining third-party e-commerce or application platforms;

2) providing 411 directory assistance or directory information services, including name, address, and telephone number, on or behalf of or as a function of a telecommunications carrier;

3) providing publicly available information related to a consumer’s business or profession; or

4) providing publicly available information via real-time alerts for health or safety purposes.

Complying with the Bill 

We have previously blogged about the obligations that the Bill imposes on Vermont data brokers and how those obligations have been crafted to protect Vermont consumers. It is likely that other states will follow the lead of Vermont and California in regulating consumer data collection and information security practices. As such, it is recommended that companies operating in the data broker space retain qualified legal counsel to help navigate the existing and emerging issues presented by applicable state and federal law.

If you are interested in learning more about this topic or ensuring that your business is compliant with state and federal data collection, storage and usage laws, please visit the privacy and security data law practice area of our website, e-mail us at or call us at (212) 246-0900.

The material contained herein is provided for information purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.

Attorney Advertising 

Related Blog Posts:

Does the California Consumer Privacy Act Apply to Your Business?

GDPR: The EU’s New Data Protection Law

New Vermont Auto-Renewal Law for Consumer Contracts


David Klein

David Klein is one of the most recognized attorneys in the technology, Internet marketing, sweepstakes, and telecommunications fields. Skilled at counseling clients on a broad range of technology-related matters, David Klein has substantial experience in negotiating and drafting complex licensing, marketing and Internet agreements.
FTSA TCPA Telemarketing telemarketer note pad lawsuit

FTSA Lawsuit Update

Readers of our blog may recall a recent piece in which we discussed a Florida Telephone Solicitation Act (“FTSA”) lawsuit pending in the United States

Read More »

Trending Topics

FTSA TCPA Telemarketing telemarketer note pad lawsuit

FTSA Lawsuit Update

Readers of our blog may recall a recent piece in which we discussed a Florida Telephone Solicitation Act (“FTSA”) lawsuit pending in the United States

Read More »