Ask Reggi Your Question Now
Can you summarize 9 VTST Chapter 62, Subchapter 2?
PROTECTION OF PERSONAL INFORMATION > SECURITY BREACH NOTICE ACT
Short Summary
The Security Breach Notice Act requires data collectors to notify consumers in the event of a security breach involving personally identifiable information or login credentials. The notice must be provided as soon as possible and without unreasonable delay, but no later than 45 days after the discovery or notification of the breach. If the data collector does not own or license the information, they must notify the owner or licensee of the breach. Additionally, the Act mandates that data collectors provide notice of the breach to the Attorney General or the Department of Financial Regulation, depending on their regulatory status. The notice to consumers must include a description of the breach, the type of information affected, steps taken to protect the information, contact information for further assistance, and advice for consumers to remain vigilant. The Act allows for various methods of providing notice to consumers, including direct notice and substitute notice. The document also outlines certain exemptions and enforcement provisions. Overall, the Security Breach Notice Act aims to ensure that consumers are promptly informed about security breaches involving their personal information or login credentials.
Whom does it apply to?
The Act applies to data collectors who experience a security breach involving personally identifiable information or login credentials.
What does it govern?
The Security Breach Notice Act governs the notification requirements for data collectors in the event of a security breach involving personally identifiable information or login credentials.
What are exemptions?
No specific exemptions are mentioned in the document.
What are the Penalties?
The document does not specify any penalties for non-compliance or violation of the Act's provisions.
Jurisdiction
Vermont