Ask Reggi Your Question Now
Can you summarize 9 VTST 2435?
SECURITY BREACH NOTICE ACT > Notice of security breaches
Short Summary
The Security Breach Notice Act requires data collectors to notify consumers of a security breach involving personally identifiable information or login credentials. The notice must be provided in the most expedient time possible and without unreasonable delay, but not later than 45 days after the discovery or notification of the breach. Data collectors that do not own or license the information must notify the owner or licensee of the breach. The Act also requires data collectors to provide notice of the breach to the Attorney General or the Department of Financial Regulation, depending on the entity’s regulatory status. The notice to consumers must include a description of the breach, the type of information affected, steps taken to protect the information, contact information for further assistance, and advice for consumers to remain vigilant. The Act provides for various methods of providing notice to consumers, including direct notice and substitute notice. Certain exemptions and enforcement provisions are also outlined in the document.
Whom does it apply to?
The Act applies to data collectors that own or license computerized personally identifiable information or login credentials, as well as data collectors that maintain or possess such information without owning or licensing it. It also applies to data collectors or entities regulated by the Department of Financial Regulation under Title 8 or this title.
What does it govern?
The Security Breach Notice Act governs the notification requirements for data collectors in the event of a security breach involving personally identifiable information or login credentials.
What are exemptions?
No specific exemptions are mentioned in the document.
What are the Penalties?
The document does not specify penalties for non-compliance or violation.
Jurisdiction
Vermont