Close Close

Regulation and Compliance > State Regulation

Vermont Sets Stricter Privacy Rules

Your article was successfully shared with the contacts you provided.

NU Online News Service, Nov. 7, 4:15 p.m. – The Vermont Department of Banking, Insurance, Securities and Health Care Administration is about to impose new rules designed to tighten customer privacy protections by banks, insurance companies and securities dealers.

The new regulations would require actual customer consent before financial firms can share personal information with third parties, except in certain limited circumstances. Department Commissioner Elizabeth Costle says she expects the rules, just filed with the state’s Secretary of State, to be adopted in the next few days.

Costle says the rules will provide consumers with the best protection of their personal information of any state. They would forbid financial institutions to share consumers’ personal information with subsidiaries or outside third parties unless the consumers knowingly agree to let them do so. In contrast, federal privacy requirements under the Gramm-Leach-Bliley Act of 1999 allow financial institutions to share the information unless consumers specifically ask them not to. The GLB Act also allows states to adopt their own privacy laws.

The basic requirement of Vermont’s new rules is that financial institutions must tell new customers about the type of information they collect on customers, and whether and to whom they intend, to disclose the information, if the customer assents.

The rules would also restrict the information that may be disclosed in joint marketing programs with other companies to customer name, contact and transaction and experience information under the federal Fair Credit Reporting Act.

The regulations will be posted on the department Web site,, upon adoption. They are expected to be effective in mid-November, the commissioner says.