Vermont passes first-of-its-kind law to clamp down on data brokers
They'll face legal action for compromising your info.
Data brokers who trade your info behind the scenes will have to watch their step if they're doing business in Vermont. The state has enacted a first-of-its-kind law that both requires brokers to meet certain standards and punishes them if they fall short. They'll have to register in the state, maintain a "comprehensive" security program (including encryption for all sensitive data) and report any breaches. They'll face legal action if they break any of these terms or use data for illegal purposes, such as racial discrimination.
The measure also demands disclosures that make it clear how and when consumers can opt out.
This wouldn't necessarily prevent another incident on the scale of the Cambridge Analytica mess, but the ramifications could still be far-reaching. While there's plenty of regulation for companies that collect data directly from users, there's virtually nothing in the US for the companies that are entirely disconnected from the people whose data they're trading. In theory, this establishes a baseline level of security and keeps companies from abusing your info.
There's a bigger question surrounding the long-term effects of the law. While TechCrunch noted that the legislation should be clearly worded enough to prevent data brokers from slipping through the cracks, it remains to be seen how well this works in practice. Also, this is just one state -- it's not certain that other states will follow suit. If it does stop fraudsters, though, there's a good chance other parts of the country will follow suit.
