Vermont
Privacy Laws

Overview

BREACH NOTIFICATION – Mandated Timeframe
14 business days

FINES & PENALTIES – Violations
Up to $10,000

Legal

Regulation Levels

  • Breach Reporting

  • Consumer Notification

  • Vendor Management

  • Vendor Contract Required

PRIVACY AND SECURITY LAWS

Laws related to personal information and privacy and security.

QUICK FACTS

Vermont Privacy Law Information

PRIVACY PROGRAM

Organizations and Vendors in the business of destroying records must have measures in place for the destruction of records containing personal information so the records are unreadable or undecipherable. Heightened protection and handling requirements apply to social security numbers. Organizations and Vendors in the business of destroying records must have policies and procedures in place for the protection and security of personal information.

BREACH REPORTING

A breached Organization must notify the Attorney General or the Department of Financial Regulation within 14 days of discovery of a breach and must provide a preliminary description of the breach. Follow-up regulatory notification is required to communicate specific information.

CONSUMER NOTIFICATION

Consumer notification following a breach involving login credentials may be sent through electronic notice to any consumers whose login credentials were wrongfully acquired. The consumer must be given advice on “steps necessary to protect the online account, including to change his or her login credentials for the account and for any other account for which the consumer uses the same login credentials.” Consumer notification of a breach must be made within 45 days. The Organization must notify, without unreasonable delay, all consumer reporting agencies if more than 1000 affected consumers receive breach notification. If a breach affects residents of other jurisdictions, those individuals must be notified based on the breach notification laws of the jurisdiction where they reside.

VENDOR/THIRD PARTIES

Vendors must notify Organizations immediately after discovery of a breach or suspected breach. The Organization will be responsible to complete any required regulatory reporting and consumer notifications.

INDUSTRY SPECIFIC

Vendors of Data Brokers must be contracted. Data Brokers must register with the Secretary of State and provide detailed information regarding their practices.

FINES & PENALTIES

Vermont’s security breach notification law is enforced under its Consumer Protection Act, with penalties up to $10,000. Failure to protect personal information is considered an unfair and deceptive act.

Vermont Statutes and Laws

9 V.S.A. § 2430

Definitions

9 V.S.A. § 2431

Acquisition of brokered personal information; prohibitions

9 V.S.A. § 2435

Security breach notice act

9 V.S.A. § 2440

Social security number protection act

9 V.S.A. § 2445

Document safe destruction act

9 V.S.A. § 2446

Data brokers annual registration

9 V.S.A. § 2447

Data broker duty to protect information; standards; technical requirements

9 V.S.A. § 2458

Restraining prohibited acts

9 V.S.A. § 2461

Civil penalty

V.S.A. 9-62

Protection of personal information

DISCLAIMER

The information provided is not legal guidance or a recommendation and is for informational purposes only.