This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
Insights Insights
| less than a minute read

Vermont Governor Vetoes Proposed Comprehensive Privacy Bill

In what may be a first, a state governor has vetoed a comprehensive state privacy bill that had passed both houses of the state legislature.  In mid-June, the governor of Vermont refused to sign the bill, saying that the private right of action it included represented a threat to small/medium businesses.  The governor also questioned its provisions aimed at children's privacy.  The legislature failed to override the veto during a later special session.  


Although a quarter of states currently have a privacy law in effect or pending, with more to come, most of those laws do not allow citizens to bring direct suit against companies who fail to comply.  They depend, instead, on the state attorney general to enforce the law against violators.  Where consumers have a direct right of action, the compliance headaches can add up quickly – and so can the damages assessed against companies who lose their cases in court.  The stance of the Vermont governor represents rare pushback against a privacy bill during privacy's arguable heyday, but it also represents taking a stand on how these issues should be investigated and punished.   

The legislation would have prohibited the sale of sensitive data, such as social security and driver’s license numbers, as well as financial information and health data. It also would have set meaningful limits on the amount of personal data that companies can collect and use, according to the nonprofit Electronic Privacy Information Center based in Washington, D.C.


data security and privacy, hill_mitzi