Bill H.211 aims to enhance the protection of personal information for Vermont residents by introducing new regulations for data brokers. Key provisions require data brokers to register annually with the Secretary of State, pay a registration fee, and provide detailed information about their operations, including opt-out policies and security breaches. The bill mandates that data brokers notify consumers and the Attorney General of any security breaches involving brokered personal information, specifying the number of affected consumers and the breach date. Additionally, it establishes penalties for non-compliance, granting the Attorney General and Secretary of State enforcement authority to collect fines and seek injunctive relief.

The bill also mandates the creation of a publicly accessible webpage by the Secretary of State to display registration information and implement an accessible deletion mechanism for consumers by January 1, 2028. This mechanism will allow consumers to request the deletion of their brokered personal information from all data brokers with a single verifiable request, including features for selective exclusion of specific brokers and secure submission of information. Data brokers will be required to process these deletion requests at least once every 45 days. Furthermore, the bill establishes the Data Brokers Registry Fund to manage the financial aspects of these provisions, and data brokers will be subject to audits every three years to ensure compliance. The act is set to take effect on July 1, 2025.

Statutes affected:
As Introduced: 9-62