As the COVID-19 pandemic took hold earlier this year, state lawmakers shifted their legislative priorities to virus relief efforts rather than privacy legislation. But focus could return late in 2020 or early in 2021, as policymakers at both the state and the federal level consider new privacy legislation.
Amendments to Vermont’s data breach notification law went into effect July 1 and include additions to the definition of “personal information.” When combined with a consumer’s first name or first initial and last name, personal information now includes various government identification numbers, such as a taxpayer identification number, passport number, military identification card number or another ID number that originates from a government identification document that is commonly used to verify identity for a commercial transaction.
The law approved by Vermont legislators also covers genetic information, along with unique biometric data generated from measurements or technical analysis of human body characteristics used by the owner or licensee of the data to identify or authenticate the consumer, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data.
Finally, the Vermont law covers health records, records of wellness programs or a “similar program of health promotion or disease prevention,” health care professionals’ diagnosis and treatment information, and health insurance policy numbers.