State Laws-Data Brokers. Vermont enacted the United States’ first statute regulating data brokers who buy and sell personal information. The law requires data brokers to register with the Vermont Attorney General (AG) and pay an annual registration fee, as well as reporting their practices to the AG annually. The law also requires data brokers to implement and maintain a comprehensive security program. The registration and data security requirements become effective January 1, 2019. The remainder of the requirements became effective immediately. State Laws-Privacy Policies. In 2017, Nevada joined California and Delaware as one of three states with laws mandating online privacy policies. Like the other state privacy policy laws, the Nevada law contains content requirements. Under the Nevada law, privacy policies must: (i) identify categories of personal information collected through the website and the categories of third parties with whom the personal information may be shared; (ii) inform users about their ability to review and request changes to their information collected through the website; (iii) disclose whether third parties may collect information about users’ online activities from the website; and (iv) list the effective date of the policy.
As of December 17, 2024, the following states have passed laws related to data privacy:
KENTUCKY Kentucky Consumer Data Protection Act is effective January 1, 2026. MARYLAND Maryland Online Data Privacy Act is effective October 1, 2025. Maryland’s privacy law departs from California, and many other state privacy law thresholds. The Act applies to entities that control or process the personal information of at least 10,000 residents—compare this to the California Act, which applies to entities that process the data of at least 100,000 consumers.
136
Made with FlippingBook - Online Brochure Maker