Can I use third-party HR tools that collect personal information in Vermont? What are the requirements?

Based on the documents provided, if you are using third-party HR tools that collect personal information in Vermont, you may need to comply with the requirements set forth in the Vermont Statutes Annotated, Title 8, Chapter 72, Sections 2451-2457.

Requirements for Personal Information Protection Companies

Under Section 2453, a personal information protection company must qualify to conduct its business under the terms of this chapter, chapter 72 of this title, and applicable rules adopted by the Department of Financial Regulation. A person shall not engage in business as a personal information protection company in this State without first obtaining a license from the Department.

Fiduciary Responsibility

Under Section 2452, a personal information protection company that accepts personal information pursuant to a written agreement to provide personal information protection services has a fiduciary responsibility to the consumer when providing personal protection services.

Conduct of Business

Under Section 2455, a personal information protection company may operate through remote interaction with the individuals entrusting personal information to the company, and there shall be no requirement of Vermont residency or other contact for any such individual to establish such a relationship with the company. A personal information protection company may provide elements of personal information to third parties with which the individual seeks to have a transaction, a service relationship, or other particular purpose interaction, subject to applicable fiduciary duties, the terms of any agreement with the individual involved, and any applicable statutory or regulatory provision.

Definition of Personal Information

Under Section 2451, “personal information” means data capable of being associated with a particular natural person, including gender identification, birth information, marital status, citizenship and nationality, biometric records, government identification designations, and personal, educational, and financial histories.

Reports and Rules

Under Section 2457, the Department of Financial Regulation may prescribe by rule the timing and manner of reports by a personal information protection company to the Department. The Department may adopt rules to govern other aspects of the business of a personal information protection company, including its protection and safeguarding of personal information and its interaction with third parties with respect to personal information it holds.

Based on the above, it is recommended that you consult with a legal professional to ensure that your use of third-party HR tools that collect personal information complies with the requirements set forth in the Vermont Statutes Annotated, Title 8, Chapter 72, Sections 2451-2457.

Jurisdiction

Vermont

• Privacy