January 31, 2019
On May 22, 2018, the State of Vermont enacted House Bill Number 764 (the “Bill”) to, among other things, regulate how Vermont data brokers collect consumer data and sell that information to third parties. The Bill went into effect on January 1, 2019, giving Vermont data brokers until January 31, 2019, to register as data brokers with the Vermont Secretary of State. If data brokers fail to register (and pay the annual $100 registration fee), they are subject to a penalty of $50 per day until registered, not to exceed a penalty of $10,000 per annum. In addition to registration fees, Vermont data brokers are required to annually provide information concerning their data collection activities, opt-out policies, purchaser credentialing practices, and any security breaches.
Who are data brokers within the meaning of the Bill?
Defining Vermont “Data Brokers”
The Bill defines a data broker as “a business . . . that knowingly collects and sells or licenses to third parties the brokered personal information of a [Vermont] consumer with whom the business does not have a direct relationship.” Please note that it was the intention of the Vermont Generally Assembly to narrowly tailor the definition of data broker. As such, the following conduct is not considered data brokering activity:
1) developing or maintaining third-party e-commerce or application platforms;
2) providing 411 directory assistance or directory information services, including name, address, and telephone number, on or behalf of or as a function of a telecommunications carrier;
3) providing publicly available information related to a consumer’s business or profession; or
4) providing publicly available information via real-time alerts for health or safety purposes.
Complying with the Bill
We have previously blogged about the obligations that the Bill imposes on Vermont data brokers and how those obligations have been crafted to protect Vermont consumers. It is likely that other states will follow the lead of Vermont and California in regulating consumer data collection and information security practices. As such, it is recommended that companies operating in the data broker space retain qualified legal counsel to help navigate the existing and emerging issues presented by applicable state and federal law.
If you are interested in learning more about this topic or ensuring that your business is compliant with state and federal data collection, storage and usage laws, please visit the privacy and security data law practice area of our website, e-mail us at firstname.lastname@example.org or call us at (212) 246-0900.
The material contained herein is provided for information purposes only and is not legal advice, nor is it a substitute for obtaining legal advice from an attorney. Each situation is unique, and you should not act or rely on any information contained herein without seeking the advice of an experienced attorney.
Related Blog Posts: