Bill S.70 aims to strengthen the protection of personal information for Vermont residents by implementing new regulations for data brokers. Key provisions require data brokers to notify consumers of security breaches, certify that disclosed personal information will be used for legitimate purposes, and establish an accessible mechanism for consumers to request the deletion of their personal information. The bill introduces new definitions, such as "authorized agent," "biometric data," and "consumer health data controller," to clarify the roles of entities handling personal data. It also amends existing laws to enhance enforcement mechanisms, granting the Attorney General the authority to investigate violations and enforce compliance, particularly regarding data controllers and processors.

Additionally, the bill mandates that data brokers register annually with the Secretary of State, providing detailed information about their data collection practices and security breaches. It establishes penalties for non-compliance, including administrative fines and the authority for the Attorney General and Secretary of State to enforce these provisions. A publicly accessible webpage will be created to display registration information, and a deletion mechanism for consumers will be implemented by January 1, 2028. The bill also establishes the Data Brokers Registry Fund to support the costs of maintaining the informational website and enforcing the act, with audits required every three years to ensure compliance. The act is set to take effect on July 1, 2025.

Statutes affected:
As Introduced: 9-62