Bill S.70 aims to enhance the protection of personal information for Vermont residents by implementing new regulations for data brokers. Key provisions require data brokers to notify consumers of security breaches, certify that disclosed personal information will be used for legitimate purposes, and establish an accessible mechanism for consumers to request the deletion of their personal information. The bill introduces new definitions, such as "authorized agent," "biometric data," and "consumer health data controller," while also amending existing definitions to clarify the scope of brokered personal information and the responsibilities of data brokers. Notably, the bill removes outdated language regarding unique biometric data and introduces terms like "precise geolocation" and "processor."

Additionally, the bill mandates that data brokers register annually with the Secretary of State, providing detailed information about their data collection practices and any security breaches. It establishes penalties for non-compliance, including administrative fines, and grants the Attorney General and Secretary of State the authority to enforce these provisions. A publicly accessible webpage will be created to display registration information and facilitate consumer deletion requests, which must be processed by data brokers at least once every 45 days. The act is set to take effect on July 1, 2025, and establishes the Data Brokers Registry Fund to support the implementation of these provisions.

Statutes affected:
As Introduced: 9-62