Vermont Senate passes H211 tightening rules for data brokers, raises registration fees
May 28, 2026 | SENATE, Committees, Legislative , Vermont
This article was created by AI summarizing key points discussed. AI makes mistakes, so for full details and context, please refer to the video of the full meeting. Please report any errors so we can fix them. Report an error »
The Vermont Senate voted to pass H211 on May 28, 2026, advancing new state rules for data brokers that broaden what counts as brokered personal information, require registration and higher fees, and add security-breach notice obligations.
Senator from Chitten, reporting for the Senate Economic Development, Housing and General Affairs Committee, told colleagues the bill widens the definition of “brokered personal information” to include information linked to an identified individual or a device tied to a household and adds definitions such as precise geolocation processor and sale. He said the bill would require data brokers doing business in Vermont to register within 30 days and raise the annual registration fee (the committee and finance reports set the new fee at $900), require a $20,000 bond to run to the state, and strengthen penalties for registration and reporting failures. The bill also adds a Data Broker Security Breach Notice provision requiring brokers to notify consumers within 45 days of a breach and the attorney general within 14 days, with enforcement through the Vermont Consumer Protection Act.
The committee removed a mandatory deletion-mechanism requirement and instead charged the Secretary of State with studying the feasibility of a centralized deletion tool; the original bill had proposed a $50,000 appropriation to help the Secretary of State stand up the study and an accessible deletion mechanism. Senator from Chitten and the Finance Committee described the study as a way to determine whether Vermont should build its own platform or piggyback on an existing state-level system. The appropriations committee recommended striking the $50,000 appropriation and inserting adjusted effective dates; the Senate adopted that recommendation before passage.
Senators raised questions on the floor about enforcement and scope. Senator from Windsor said many large, third-party data brokers operate “mostly in the dark,” collecting information from public records and online activity without a direct consumer relationship. "Consumers never actually agreed to provide these companies with their information in the first place," the senator said, arguing the bill corrects a market failure. The reporter cited LexisNexis as an industry example during questioning.
Senators also debated adding a judiciary member to the state’s cybersecurity advisory council; concerns about conflicts were raised and referred to the institutions committee for follow-up. The final bill also includes provisions from H650 to require education-technology providers used in Vermont schools to provide registrant information and privacy policies to the Secretary of State.
Procedural steps on the floor included a voice vote to suspend rules to take up H211 for immediate consideration, adoption of the appropriations committee amendments, ordering the third reading, and a voice vote to pass H211 in concurrence with the committee proposal of amendment. After passage, the Senate moved to message the action to the House.
What’s next: The data-broker sections of H211 are slated to take effect January 1, 2027, and other sections are set to take effect July 1, 2026, as amended on the floor. The Senate removed the $50,000 appropriation and directed the Secretary of State to study an accessible deletion mechanism and report back; the transcript notes a study-report deadline originally contemplated for December 1, 2028 (as described in the committee report).
Senator from Chitten, reporting for the Senate Economic Development, Housing and General Affairs Committee, told colleagues the bill widens the definition of “brokered personal information” to include information linked to an identified individual or a device tied to a household and adds definitions such as precise geolocation processor and sale. He said the bill would require data brokers doing business in Vermont to register within 30 days and raise the annual registration fee (the committee and finance reports set the new fee at $900), require a $20,000 bond to run to the state, and strengthen penalties for registration and reporting failures. The bill also adds a Data Broker Security Breach Notice provision requiring brokers to notify consumers within 45 days of a breach and the attorney general within 14 days, with enforcement through the Vermont Consumer Protection Act.
The committee removed a mandatory deletion-mechanism requirement and instead charged the Secretary of State with studying the feasibility of a centralized deletion tool; the original bill had proposed a $50,000 appropriation to help the Secretary of State stand up the study and an accessible deletion mechanism. Senator from Chitten and the Finance Committee described the study as a way to determine whether Vermont should build its own platform or piggyback on an existing state-level system. The appropriations committee recommended striking the $50,000 appropriation and inserting adjusted effective dates; the Senate adopted that recommendation before passage.
Senators raised questions on the floor about enforcement and scope. Senator from Windsor said many large, third-party data brokers operate “mostly in the dark,” collecting information from public records and online activity without a direct consumer relationship. "Consumers never actually agreed to provide these companies with their information in the first place," the senator said, arguing the bill corrects a market failure. The reporter cited LexisNexis as an industry example during questioning.
Senators also debated adding a judiciary member to the state’s cybersecurity advisory council; concerns about conflicts were raised and referred to the institutions committee for follow-up. The final bill also includes provisions from H650 to require education-technology providers used in Vermont schools to provide registrant information and privacy policies to the Secretary of State.
Procedural steps on the floor included a voice vote to suspend rules to take up H211 for immediate consideration, adoption of the appropriations committee amendments, ordering the third reading, and a voice vote to pass H211 in concurrence with the committee proposal of amendment. After passage, the Senate moved to message the action to the House.
What’s next: The data-broker sections of H211 are slated to take effect January 1, 2027, and other sections are set to take effect July 1, 2026, as amended on the floor. The Senate removed the $50,000 appropriation and directed the Secretary of State to study an accessible deletion mechanism and report back; the transcript notes a study-report deadline originally contemplated for December 1, 2028 (as described in the committee report).
View the Full Meeting & All Its Details
This article offers just a summary. Unlock complete video, transcripts, and insights as a Founder Member.
✓
Watch full, unedited meeting videos
✓
Search every word spoken in unlimited transcripts
✓
AI summaries & real-time alerts (all government levels)
✓
Permanent access to expanding government content
30-day money-back guarantee
