Vermont Governor Signs Bill Requiring Data Privacy Inventory of Citizens’ PII

Robinson+Cole Data Privacy + Security Insider

On March 5, 2020, Vermont Governor Phil Scott signed into law Senate Bill 110, “An act relating to data privacy and consumer protection,” which provides authority to develop a statewide data privacy inventory of the personally identifiable information (PII) that the state collects from and maintains about its citizens.

According to the bill, the data privacy inventory will be developed by, and be the joint responsibility of, the State Court Administrator of the Judicial Branch, the Director of Information Technology for the Legislative Branch, and the Chief Data Officer of the Secretary of State’s Office for the Executive Branch. Those individuals will be responsible for directing the state’s efforts in conducting a privacy audit around 1) the state and its agencies’ collection of residents’ personal information; 2) state and federal laws applicable to PII; 3) arrangements or agreements, whether oral or in writing, about the sharing of PII between agencies; and 4) recommendations to the Governor for proposed legislation regarding the collection and management of PII.

The bill also expands the definition of personal information subject to the Security Breach Notice Act to include biometric and genetic information, taxpayer identification numbers, health, medical diagnosis or treatment information, and health insurance policy numbers.

Back to the data privacy inventory. This is also called “data mapping” in the privacy world.

Mapping which state agencies collect, use, maintain and disclose citizens’ personal information will be a monumental task, even in the small state of Vermont. Nonetheless, as private businesses have learned over the years, it is nearly impossible to assess the risk of the data an organization has in its possession, or to put measures in place to protect it, without knowing where the data is or what is being done with it.

It is unclear how many states are trying to accomplish this task, but when you look at the amount of sensitive personal data states collect and maintain, this is a worthy and impressive goal by the legislators and Governor. Kudos to lawmakers in Vermont, and may other states follow in Vermont’s footsteps.
