Privacy News: Historic Data Broker Regulation in the US Welcomed by World Privacy Forum

PDF Version of Release here

24 May 2018 

For Immediate Release

Historic Data Broker Regulation in the United States Welcomed by World Privacy Forum

  • Vermont: First state to adopt modern rules for unregulated data brokers
  • WPF call for data broker protections to be elevated to national level and provided for consumers in all states in the US

Oregon, United States: The state of Vermont has passed the nation’s first data broker regulation, H764, ‘An Act Relating to Data Brokers and Consumer Protection’. The news has been welcomed by privacy and data protection champions, The World Privacy Forum today.

The World Privacy Forum have campaigned tirelessly over the last seven years to bring attention to the vulnerabilities and gaps in consumer protection law in relation to data brokers. Pam Dixon, founder of the organisation,who has provided several testimoniesto the US Congress, including the US Senate Commerce Committee,believes this overdue legislation will go a long way to protecting consumers from often unscrupulous practices.

“I’ve seen first-hand the profound harms data brokers can create in peoples’ lives, and this legislation is the first of its kind in the nation to respond to the problem,” said World Privacy Forum Executive Director Pam Dixon.

“The legislation provides new protections for consumers and is a historically important piece of privacy legislation.”

The new law provides important new consumer protections:

  • Data brokers will be required to register in the state of Vermont
  • The law expressly prohibits the acquisition of personal information with the intent to commit wrongful acts such as stalking, harassment, fraud, identity theft, or discrimination
  • Consumers will be able to freeze and unfreeze credit reports without a fee
  • Data brokers will be required to adopt an information security program with appropriate technological, physical, and administrative safeguards
  • Data brokers will be required to give security breach notification

Pam Dixon calls for more action: “Vermont has set the bar for consumer protection and we call for this vital protection to be given to all citizens in the US. In the wake of the Facebook/Cambridge Analytica data scandal, we have all seen thepressing need for increased consumer data protections.”


– Ends –


Notes to Editors

  • Pam Dixon is available for interview

Contact details:

Hayley Jayawardene

07813 346395


About Pam Dixon

Pam Dixon is the founder and Executive Director of the World Privacy Forum. She is the author of eight books, hundreds of articles, and numerous privacy studies, including her landmark Medical Identity Theft study. She has testified before Congress on consumer privacy issues as well as before federal agencies.

Dixon has testified before the US Congress, including the Senate Judiciary Committee, as well as the US Federal Trade Commission and other agencies on prominent consumer privacy issues, including issues related to data brokers, identity, health privacy, genetic privacy, the Common Rule, facial recognition, and online and offline privacy. Dixon is an expert advisor to the OECD regarding health data uses, and she serves on the editorial board of Harvard’s Journal of Technology Science. She is a member of the Biometric Institute, where she serves on the privacy committee. Dixon was formerly a research fellow at the Privacy Foundation at Denver University’s Sturm School of Law. She has written 8 books, including titles for Random House / Times Books, among other major publishers. Her most recent book, Surveillance in America, was published in 2016 by ABC-CLIO books.


About the World Privacy Forum

The World Privacy Forum is a non-profit public interest research and consumer education group focused on the research and analysis of privacy-related issues. The Forum was founded in 2003 and has published significant research and policy studies in the area of privacy, specifically relating to the key areas of health, predictive analytics, and AI, regulation, biometrics, identity, financial privacy, and data brokers among additional areas of inquiry.