|Security Breach Notice Act|
|CITATION||Vt. Stat. tit. 9 § 2430 et seq.|
The law requires any data collector that owns or licenses computerized personal information about a consumer to provide notice if there is a security breach.
No notice is required if the data collector establishes that misuse of personal information is not reasonably possible and the data collector provides notice of the determination that the misuse of the personal information is not reasonably possible pursuant to the requirements of this subsection.
The law covers ‘Personal Information" which means an individual's first name or first initial and last name in combination with any one or more of the following data elements, when either the name or the data elements are not encrypted or redacted or protected by another method that renders them unreadable or unusable by unauthorized persons:
|INDUSTRY||An individual or entity that owns or licenses computerized data that includes PI or maintains such data.|
|PENALTIES||The Attorney General and the State’s Attorney have the authority to enforce this law. If the breach involves a person or entity licensed or registered with the department of banking, insurance, securities and health care administration, then the relevant regulatory authority can investigate and impose penalties for a violation.|