Newly Introduced Privacy Bills
In Kentucky the Legislature introduced and referred to the Banking and Insurance Committee SB 333, An Act Relating to Security of Personal Information and Declaring an Emergency. The bill requires encryption by Consumer Reporting Agencies (CRA) for all electronic data contained in consumer files and reports (in its possession or control, held by third party agents, or in transit to third parties), and notification to affected State residents of breaches of their personally identifiable information without unreasonable delay. The bill also imposes obligations on third party agents to notify the CRA of breaches as soon as practicable (but no later than 72 hours following discovery).
New Hampshire House Bill 1750, An Act Relative to an Expectation of Privacy in Personal Information, has been introduced in the New Hampshire legislature and referred to the Judiciary Committee. The bill if enacted would be effective July 1, 2018. This bill would enact chapter 507-H concerning the expectation of privacy in personal information by establishing an expectation of privacy in personal information while prohibiting the government from acquiring, retaining, or using personal information with certain specific exceptions.
Vermont Senate Bill 289, the Vermont Broadband Internet Privacy Act, was introduced and referred to the Senate Committee on Energy and Technology. If enacted, it imposes on ISPs an obligation (subject to described exceptions) of obtaining a customer’s opt-in or opt-out consent via a simple and understandable mechanism for the ISP’s processing of customer proprietary information