Vermont Updates Its Breach Notification Law
Wednesday, June 13, 2012
On May 8, 2012, the State of Vermont amended its Security Breach Notice Act. was amended. The changes included:
- The breach can be either a known unauthorized acquisition, or a "reasonable belief of an unauthorized acquisition..."
- Breach notice must be provided to Vermont residents within 45 days after discovery of the breach
- Breach notice must be given to the Vermont Attorney General with 14 business days of the date the breach was discovered, or the date affected Vermont residents were notified
- Breach notice must include the date discovered, a description of the breach, the number of Vermont residents affected, and a copy of the notice sent to affected Vermont resident
- Textual changes to make the law's description of sensitive personal information consistent with the industry-standard, PII (Personally Identifiable Information)
Breach notice to affected Vermont residents must describe the incident, the date of the breach, the types of personal data lost/stolen, and methods to protect sensitive personal data from further breaches
Download the amended Vermont Security Breach Notice Act (Adobe PDF).
Thanks for posting those tips, I'm sure they'll come in handy for everyone. And nice job getting the top spot on the high scores!
Posted by: lawgena | Saturday, November 24, 2012 at 08:36 AM