May 19, 2019

May 17, 2019

Subscribe to Latest Legal News and Analysis

US Breach Laws Are Coming: Vermont

On January 1, 2019 Vermont’s breach notice law will include obligations specific to data brokers. A “data broker” is defined as a business that “knowingly collects and sells or licenses to third parties the brokered personal information of a consumer with whom the business does not have a direct relationship.” Under the law, data brokers must keep a record of “data broker breaches” and annually tell this information to the state. Brokers will need to provide this as part of a new annual registration process. The registration also requires data brokers to explain how they let individuals opt-out of having information collected, stored or sold. Finally, data brokers also have to develop and maintain a comprehensive information security program.

Data broker breaches are defined as unauthorized acquisition of “broker personal information.” This is broader than personal information that triggers general breach notice obligations. For broker breaches, personal information also includes name, address, date of birth, place of birth, mother’s maiden name, and name or address of family members. The “broker breach” definition (i.e., when there is a duty to notify the state) imposes notice obligations when there is an unauthorized acquisition. It does, though, contain encryption and good faith exceptions.

Putting it Into Practice: This law is one of the first to have specific disclosure obligations for data brokers, and will require telling the state about a broader category of data breaches than what exists under the general breach notice obligations.

Copyright © 2019, Sheppard Mullin Richter & Hampton LLP.

TRENDING LEGAL ANALYSIS


About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney
Partner

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

312-499-6335
Shanna Pearce, Sheppard Mullin, San Diego, litigation, class action, intellectual property, IP, copyrights, false advertising, commercial litigation, lanham act, unfair competition
Associate

Ms. Pearce represents businesses in the areas of intellectual property and commercial litigation, from trademark and copyright matters to consumer class actions. She has represented Fortune 500 companies in complex actions involving allegations of copyright violation, breach of contract, fraud, and unfair business practices. She has also defended retailers and financial institutions in class actions alleging violations of statute and federal laws relating to false advertising, unfair competition, pricing practices, and lending disclosures. Ms. Pearce’s litigation experience ranges from pre-suit strategy and advice to post-trial proceedings, with a special focus on appellate issues. She also has significant experience in private domestic and international arbitrations.

Ms. Pearce co-chairs the Bench-Bar Committee of Lawyers Club of San Diego, and is an active member of both the San Diego County Bar Association Appellate Section and the San Diego Appellate Inn of Court. She is a member of Sheppard Mullin’s own Pro Bono Committee and coordinates pro bono training and case placement in the Del Mar office. Ms. Pearce’s pro bono practice focuses on asylum and other immigration matters for victims of persecution, torture, and domestic violence.

858-720-7475