Printer Friendly, PDF & Email

Pandemic Slows But Doesn't Derail State, Federal Efforts to Pass Privacy Legislation

As the COVID-19 pandemic took hold earlier this year, state lawmakers shifted their legislative priorities to virus relief efforts rather than privacy legislation. But focus could return late in 2020 or early in 2021, as policymakers at both the state and the federal level consider new privacy legislation.

Despite the pandemic, several states[1] have enacted new privacy laws over the past six months, including Vermont[2] and Maine. Nevada approved a new law in late 2019.

Amendments to Vermont’s data breach notification law went into effect July 1 and include additions to the definition of “personal information.” When combined with a consumer’s first name or first initial and last name, personal information now includes various government identification numbers, such as a taxpayer identification number, passport number, military identification card number or another ID number that originates from a government identification document that is commonly used to verify identity for a commercial transaction.

The law approved by Vermont legislators also covers genetic information, along with unique biometric data generated from measurements or technical analysis of human body characteristics used by the owner or licensee of the data to identify or authenticate the consumer, such as a fingerprint, retina or iris image, or other unique physical representation or digital representation of biometric data.

Finally, the Vermont law covers health records, records of wellness programs or a “similar program of health promotion or disease prevention,” health care professionals’ diagnosis and treatment information, and health insurance policy numbers.

This document is only available to subscribers. Please log in or purchase access.