Bill H.211 aims to strengthen the protection of personal information for Vermont residents by implementing new regulations for data brokers. Key provisions require data brokers to notify consumers of security breaches, certify that disclosed personal information will be used for legitimate purposes, and provide a mechanism for consumers to request the deletion of their personal information. The bill introduces definitions for terms such as "authorized agent," "biometric data," and "data broker," while also clarifying the responsibilities of data brokers in the event of a security breach. Notably, it grants the Attorney General the authority to investigate and enforce compliance among data brokers regarding security breach notifications.

Additionally, the bill mandates that data brokers register annually with the Secretary of State, including detailed operational information and opt-out methods for consumers. It establishes penalties for non-compliance, such as fines for failing to register or providing inaccurate information, and creates the Data Brokers Registry Fund to support enforcement efforts. A significant feature of the bill is the requirement for the Secretary of State to implement a deletion mechanism by January 1, 2028, allowing consumers to request the deletion of their brokered personal information with a single verifiable request. The act is set to take effect on July 1, 2025.

Statutes affected:
As Introduced: 9-62