Vermont Attorney General Issues Guidance on Data Broker Regulation

Written By ESR News Blog Editor Thomas Ahearn

On January 1, 2019, the Vermont Data Broker Regulation (Act 171) took effect and requires, among other things, that data brokers register with the Vermont Secretary State and protect the personally identifiable information (PII) of Vermont residents.

Vermont Data Broker Regulation

In December of 2018, the Vermont Attorney General issued guidance on the Data Broker Regulation to help address questions on process and scope. The guidance is not legal advice but is intended to assist data brokers affected by this regulation and help them comply with the law.

The Vermont Data Broker Regulation requires data brokers to register with the Secretary of State annually and maintain certain minimum data security standards. The deadline for registering is January 31, 2019, and the registration can be completed on the Secretary of State’s website.

A copy of the registration form is also attached to the guidance on the Vermont Data Broker Regulation and may be completed and delivered by mail or in person to: Vermont Secretary of State, Corporations Division, 128 State Street, Montpelier, Vermont 05633-1104.

The Regulation defines a “data broker” as being in “the business of aggregating and selling data about consumers with whom the business does not have a direct relationship.” Businesses unsure whether they are data brokers should view the guidance or contact the Attorney General.

The Federal Trade Commission (FTC) – America’s chief privacy policy and enforcement agency – regulates data brokers in the United States. In April of 2012, the FTC issued a report containing recommendations regarding data brokers and use of personal data.

In June of 2012, the FTC fined a data broker $800,000 in the first FTC case to address the sale of Internet and social media data in the employment screening context. The FTC found the data broker did not take steps to protect consumers as required under the Fair Credit Reporting Act (FCRA).

In April of 2014, two data brokers agreed to settle FTC charges that they violated the FCRA by providing reports about consumers without taking reasonable steps to make sure that they were accurate or that their users had a permissible reason to have those reports.

In May of 2014, the FTC issued a report examining data brokers that claimed data brokers operated with a fundamental lack of transparency and recommended Congress consider enacting legislation to make data broker practices more visible to consumers.

ESR Protects Consumer Information Used in Background Checks

Employment Screening Resources® (ESR) – a leading global background check firm – undergoes annual SOC 2® Type II audits to confirm it meets high standards for protecting the consumer information used in background checks. To learn more, visit www.esrcheck.com/Why-ESR/SOC-2/.

NOTE: Employment Screening Resources® (ESR) does not provide or offer legal services or legal advice of any kind or nature. Any information on this website is for educational purposes only.

© 2019 Employment Screening Resources® (ESR) – Making copies or using of any part of the ESR News Blog or ESR website for any purpose other than your own personal use is prohibited unless written authorization is first obtained from ESR.