Data protection 1, 2018

An act relating to data brokers and consumer protection H.764 (Act 171)



Vermont General Assembly


Data security,


The bill recognises that information services, such as credit reporting, background checks, risk mitigation and fraud detection provided by data brokers are essential to the modern economy. However, there are also risks associated with the widespread aggregation and sale of data. Specifically, risks related to consumers’ control over the kinds of data being collected and traded about them, as well as unauthorised access to these data. Moreover, consumers are normally not in a contractual relationship with data brokers themselves and may therefore be unaware of how their data is being used and by whom.
Therefore, this bill seeks to provide consumers with more information about data brokers, to ensure that data brokers have adequate security standards, to prohibit the acquisition of personal information with the intent to commit wrongful acts (data breaches), and to remove financial barriers to protect consumer credit information.
Data brokers are defined as businesses that aggregate and sell the personal information of consumers with whom they do not have a direct relationship. Such companies are required to adopt an information security program with appropriate administrative, technical, and physical safeguards to protect sensitive personal information. Data brokers are also required to register annually with the Secretary of State and make certain disclosures in order to provide consumers, policy makers, and regulators with relevant information. Such information includes the name and primary physical, e-mail, and Internet addresses of the data broker; details on whether and under what conditions the data broker permits a consumer to opt out of the data broker’s collection of personal information, as well as a statement specifying the data collection, databases, or sales activities from which a consumer may not opt out and a statement whether the data broker implements a purchaser credentialing process. In addition, the number of security breaches during the previous year must be disclosed, including the total number of consumers affected by the breaches.

AI Governance

This database is an information resource about global governance activities related to artificial intelligence. It is designed as a tool to help researchers, innovators, and policymakers better understand how AI governance is developing around the world.

We're collecting more examples as we find them. If you'd like to add yours to this map, please suggest an entry.

Suggest an entry
  • Filter by:
  • Current filters:
256 entries are listed below
  • Sort by: