information with third parties without effective disclosure to consumers. PIPPA provides a private right of action for aggrieved consumers and provides civil penalties—$2,500 for a first offense and $5,000 for subsequent offenses. State Laws-Data Brokers. Vermont enacted the United States’ first statute regulating data brokers who buy and sell personal information. The law requires data brokers to register with the Vermont Attorney General (AG) and pay an annual registration fee, as well as reporting their practices to the AG annually. The law also requires data brokers to implement and maintain a comprehensive security program. The registration and data security requirements become effective January 1, 2019. The remainder of the requirements became effective immediately. State Laws-Privacy Policies. In 2017, Nevada joined California and Delaware as one of three states with laws mandating online privacy policies. Like the other state privacy policy laws, the Nevada law contains content requirements. Under the Nevada law, privacy policies must: (i) identify categories of personal information collected through the website and the categories of third parties with whom the personal information may be shared; (ii) inform users about their ability to review and request changes to their information collected through the website; (iii) disclose whether third parties may collect information about users’ online activities from the website; and (iv) list the effective date of the policy.
The following states have passed laws or have active bills as of December 21, 2023 related to data privacy:
MAINE LD 1973 Maine Consumer Privacy Act LD 1977 Data Privacy and Protection Act
129
Made with FlippingBook - Online Brochure Maker