We originally published this post on our Online Privacy Blog, but we’ve updated it here as the story has progressed. (Originally published: May 30, 2018)
In May 2018, Vermont became the first U.S. state to regulate data brokers that buy and sell personal information of consumers. Until now, major data brokers like Whitepages, BeenVerified, and MyLife have operated with little to no surveillance. In June, California enacted the strongest data privacy laws in the nation, allowing customers to ask businesses to reveal the personal information it gathers on them and block the businesses from selling the information. These laws are meant to provide a layer of protection to consumers, as well as hold these companies accountable.
Vermont’s Laws Regulating Data Brokers
Data brokers crawl the web for personal information from public sources, like government records and social media. They collect this information and compile it into personal listings, which they post on their own sites. This makes personal information, like your address and phone number, easy to find from just a quick Google search.
There are four main components to Vermont’s new privacy law:
- The elimination of credit freezing or un-freezing fees. If you’ve ever been a victim of a data breach, you were probably told to contact the major credit reporting agencies and file for a “credit freeze”, which would block anyone from opening a new line of credit in your name. In turn, you would have to remove the freeze if you wanted to then open a new line of credit. These agencies usually charge a fee of $5-20 to freeze or unfreeze an account, which can become a burden if you are involved in multiple breaches.
- It is now illegal to fraudulently acquire personal information for any reason, but especially for stalking, harassment, ID theft, or discrimination. While these activities are likely already illegal under several other state and federal laws, this section clarifies the law further, banning illegal acquisition and use of personal data for the purpose of discrimination.
- Minimum data security measures are now clearly defined. Data brokers must now stay up-to-par in their security proceedings, which is especially important for businesses that regularly deal with a large amounts of personal data.
- Transparency about data brokers. The state of Vermont now requires data brokers to be clearer, and better inform consumers on exactly what kinds of data they collect, and provide clear instructions for how to opt out.
Unfortunately, it often takes a big scandal, like the Equifax data breach or the Facebook and Cambridge Analytica story to get people to understand the importance of data security and privacy. White GDPR in effect in the EU and new data privacy laws in California, it seems governments are finally beginning to make a concerted effort to address data security.
California Consumer Privacy Act
California’s new privacy law is similar to GDPR, the online privacy regulation passed earlier this year in the EU.
There are four main components:
- Right to deletion. The consumer has the right to have their information deleted by the company that holds it.
- Right to knowledge. The consumer has the right to know what information is being collected by a company, and to whom it is sold or disclosed.
- Right to opt out. The consumer has the right to opt out of having their information sold, and the company is then not allowed to give them lessened service.
- Bans companies from selling data on users under 16 years old.
The law applies to any entity that does business in California and also
- Makes over $25 million per year, OR
- handles the personal information of 50,000 or more consumers, households, or devices, OR
- gets 50% or more of its yearly income from selling consumers’ personal information.
What’s especially nice about the law is that a lot of the sites we use- such as Facebook or Google, fit these criteria, and will likely change their policies for everyone.
DeleteMe vs Data Brokers: Remove info from Whitepages, Remove info from Google
While data security laws have already been passed in our home state of Massachusetts, the Commonwealth has yet to address data brokers as a whole. Abine, Inc. applauds the states of Vermont and California for their efforts to protect consumer data and privacy.
For eight years, DeleteMe has helped individuals opt out of the largest data broker sites; we’ve processed over 10 million consumer opt outs. DeleteMe by Abine can remove personal information from Whitepages, Spokeo, and many other leading data brokers. By removing the source information from these sites, DeleteMe prevents Google from displaying your personal information in their search results.
Abine, Inc. is The Online Privacy Company. Founded in 2009 by MIT engineers and financial experts, Abine’s mission is to provide easy-to-use online privacy tools and services to everybody who wants them. Abine’s tools are built for consumers to help them control the personal information companies, third parties, and other people see about them online.
DeleteMe by Abine is a hands-free subscription service that removes personal information from public online databases, data brokers, and people search websites.
Blur by Abine is the only password manager and digital wallet that also blocks trackers, and helps users remain private online by providing ‘Masked’ information whenever companies are asking for personal information.
Abine’s solutions have been trusted by over 25 million people world.