The bill H.211 amends Chapter 62 of Title 9 of the Vermont Statutes to enhance the protection of personal information, particularly in relation to data brokers. It introduces new definitions such as "Authorized agent," "Biometric data," and "GenAI system," while expanding the definition of "Brokered personal information" to include any data linked to identifiable individuals. The bill emphasizes the necessity of a "direct relationship" between consumers and businesses, which is established through intentional consumer interaction. Additionally, it outlines the requirements for data brokers regarding the acquisition, disclosure, and notification processes related to security breaches, mandating that consumers be notified within 45 days of a breach and detailing the incident.

Moreover, the bill establishes annual registration requirements for data brokers, including a registration fee and bond, and imposes penalties for non-compliance. It mandates that data brokers maintain a webpage for consumers to request the deletion of their brokered personal information, which must be processed within 30 days. The bill also introduces a consumer appeal process for denied deletion requests and requires the Secretary of State to study the feasibility of a deletion mechanism that allows consumers to request the deletion of their information from multiple brokers simultaneously. The act is set to take effect on January 1, 2027, with an appropriation of $50,000 for consulting assistance in the study.

Statutes affected:
As Introduced: 9-62
As Passed By the House -- Official: 9-62
As Passed By the House -- Unofficial: 9-62