InfoBytes Blog
Filter
Subscribe to our InfoBytes Blog weekly newsletter and other publications for news affecting the financial services industry.
Dem chairs request info on agency data use
On August 16, Chairman of the Committee on the Judiciary Jerrold Nadler (D-NY) and Chairman of the Committee on Homeland Security Bennie Thompson (D-MS) sent a letter to multiple government agency leaders, requesting information on their purchases and use of personal data from data brokers. According to the chairmen, “[c]ompanies participating in the data market acquire user information for package and sale through social media, mobile applications, web hosts, and other sources,” and such products “can include precise details on individuals’ location history, internet activity, and utilities information, to name a few.” The letter further noted that, “improper government acquisition of this data can thwart statutory and constitutional protections designed to protect Americans’ due process rights.” The letter also pointed out that the agencies receiving the letter “have contracts with numerous data brokers, who provide detailed information on millions of Americans.” The chairmen requested a briefing from the agencies, in addition to documents and communications related to contracts the government has had with data brokers, legal analyses on the use of personal data, and parameters and limitations set on the use of the data by the end of August.
Nevada updates consumer privacy framework
On June 2, the Nevada governor signed SB 260, which revises certain provisions under the state’s existing privacy law. Among other things, the act (i) adds “data broker” to the existing privacy framework; (ii) exempts certain persons and information collected about a consumer in the state from requirements imposed on operators, data brokers, and covered information, including consumer reporting agencies, personally identifying information regulated by the FCRA or the federal Driver’s Privacy Protection Act, information collected for the purposes of fraud information, publicly available information, and financial institutions; (iii) prohibits a data broker from selling covered information collected about a consumer in the state if so directed by the consumer, and revises provisions related to the sale of certain covered information about a consumer; (iv) requires data brokers to respond to a consumer’s verified request within 60 days after receipt (a data broker may extend this period by no more than 30 days if an extension is determined to be reasonably necessary); (v) provides data brokers and operators 30 days to remedy violations of the opt-out requirement (provided they have not previously failed to comply with the opt-out requirements); and (vi) updates the definition of “sale” to include “the exchange of covered information for monetary consideration by an operator or data broker to another person.” While existing law already provides the Nevada attorney general with the authority to seek injunctive relief and impose civil penalties of no more than $5,000 per violation, the act extends this authority to cover data brokers. Additionally, the act explicitly does not provide for a private right of action against operators. The act takes effect October 1.
Vermont legislation regulates data brokers and provides consumer protections
On May 22, a Vermont bill, established to regulate data brokers and provide consumers with protections against companies that collect, analyze, and sell their personal information, was enacted without the governor’s signature. Among other things, H.764: (i) requires data brokers to pay a $100 fee to register annually with the Vermont Secretary of State and publicly disclose information about data collection practices and opt-out policies; (ii) requires companies to implement measures to ensure they have “adequate security standards” to safeguard against data breaches; (iii) prohibits the “acquisition of personal information with the intent to commit wrongful acts”; and (iv) prohibits credit reporting agencies from charging consumers fees for the placement, removal, or temporary lift of a security freeze. The credit freeze provisions became effective upon passage. The data broker provisions take effect January 1, 2019.