Following the Equifax data breach and motivated by a December 2017 report from the Vermont attorney general and Department of Financial Regulation, the Vermont state legislature enacted a law to provide consumers with more information about data brokers and their practices. The new law narrowly defines data brokers, which notably excludes businesses that collect information from their own customers, employees, users or donors. It requires covered entities to register annually and put in place comprehensive security programs, offering specific elements to be included in such programs. University of Maine School of Law Student and IAPP Extern Hawah Ahmad, CIPP/E, writes about the new law in this Privacy Tracker post.
If you want to comment on this post, you need to login.