Vermont Consumer Privacy Law as a Fraud and Compliance Solution

California is not the only state concerned with data privacy. In May 2018, before the General Data Protection Regulation (GDPR) came into effect in the European Union, Vermont passed a consumer privacy law as well. It is a law that is meant to serve as a fraud and compliance solution. It regulates data brokers—these are the companies that collect and sell consumer personal information.

The law went into effect January 1, 2019, and has broad-reaching protections, just like GDPR and CCPA. The Vermont law protects the citizens of Vermont, US citizens, and non-US citizens. The goal of the fraud and compliance solution is to stop criminals from using consumer information and making the data trade more transparent.

Why the Vermont Law is an Important Fraud and Compliance Solution

Many US consumers are not aware of how this law serves as a fraud prevention solution. They are also not aware that companies use the data they collect about them from social media visits or website traffic.

Many companies use the data to create “shadow” profiles of consumers. These profiles help determine creditworthiness, favorability of offers from financial institutions, and even which job openings to show people online. For the most part, these “shadow” profiles are unregulated in the US. The Vermont law changes this.

consumer privacy regulation as a fraud and compliance solution

What the Vermont Law Does

Under the guidelines of the new bill, data brokers must register with the Vermont Secretary of State and pay an annual $100 fee. Registering with the state presents new scrutiny for data brokers. Vermont requires brokers to better inform consumers about the data they collect about them. It requires them to provide clear instructions for opting out of data collection. Brokers must be transparent and report information about how they collect, store and sell consumer data to the state. They must also implement a comprehensive data security system that builds a fraud prevention solution. Plus, they must create safeguards to protect consumers’ personal data.

How the Law Defines a Data Broker

The new law in Vermont changes the definition of what a data broker is. It takes a broad approach and defines a data broker as a business or collection of businesses that knowingly collects and sells or licenses personal information from consumers to third parties with whom they do not have a relationship.

Businesses that collect, sell and license their own consumer’s data are not affected by the law, as long as they have a direct relationship with those consumers and the sale of data is merely incidental. This means that companies like Google, who collects data directly from consumers that use their search engine, are not affected by the law while data brokers, who collects data through indirect means, are affected.

Vermont on keyboard fraud and compliance solution

Noncompliance is Costly

Data brokers are forbidden from acquiring consumer personally identifiable information (PII) through illegal means. It also prohibits them from using PII to harass, stalk, commit fraud or perform any other illegal activity. If a data broker fails to meet the standards set forth by Vermont or suffers a data breach, they will have to notify authorities about the incident. Previously, they were not required to do so. Regulators within the state will be able to keep tabs on companies through this law. This will allow them to penalize a data broker through legal enforcement actions if they find out they are using consumer data for unethical purposes, such as in the Cambridge Analytica scandal where Facebook users were unaware that their PII was being accessed and used to manipulate the 2016 US election.

Additional Consumer Protections

The Vermont bill adds some benefits to its residents. It waives the $10 fee for freezing a credit report and $5 fee for lifting the freeze. Credit reporting bureaus like Equifax, Experian and Transunion will have to allow Vermont residents to control their accounts without charging those fees. If a consumer feels that their data was sold and led to illegal discrimination, they can now take a data broker to court and hold them responsible for the injustice. This gives Vermont residents the ability to monitor and safeguard their own credit. It will empower them in a way unavailable to most US consumers.

How Does it Compare to GDPR

Overall, GDPR is still a stricter fraud and compliance solution than the Vermont law. Nevertheless, Vermont is paving the way for future consumer privacy legislation in the US. Clearly, the support for consumer data protection is there, especially given the amount of data breaches plaguing US citizens in 2018. California has also followed suit and created their own consumer privacy laws, called CCPA, creating more of a demand for consumer data protection. It seems likely that many more states will follow Vermont and California’s lead and introduce privacy laws to protect consumers in the near future. This could pave the way for federal legislation concerning consumer privacy in the US.

Alex McGinness
Alex McGinness

Alex is passionate about making the world a better place. She believes she can change the world, and one way she can do that is by helping businesses grow online through digital marketing. She excels at branding, graphic design, web design, social media management, and content writing. Alex finds the most success when she is working with companies that produce services or products that make the world a better place. She enjoys working with a collaborative team that is organized, goal-oriented and harmoniums. At IDMERIT, she manages their digital presence online as their in-house marketing coordinator. Her goal is to showcase the IDMERIT brand as a leader in global identity verification services.

Get Notified about Industry Updates