Vermont Offers Businesses Two Confusing Options For Notifying the Vermont AG of Security Breaches

Nathan D. Taylor writes:

Last year, Vermont amended its security breach notification law to join the growing list of states that require notice to the state attorney general or other state regulator regarding security breaches. Unlike other states, Vermont offered businesses two options with respect to how and when notice must be provided to the Vermont attorney general (AG). These options are based on whether a business has made a sworn affirmation to the AG regarding its information security practices. This article describes the Vermont AG notice requirement (as well as the AG’s interpretation of this requirement), the sworn affirmation form issued by the AG, and the pros and cons associated with making the sworn affirmation.

Read his discussion on Bloomberg BNA Privacy & Security Law Report.

Resource: HoganLovells Asia-Pacific Data, Privacy and Cybersecurity Guide 2025
Australian ransomware victims now must tell the government if they pay up
HHS OCR Settles HIPAA Security Rule Investigation of BayCare Health System for $800k and Corrective Action Plan
FTC Finalizes Order with GoDaddy over Data Security Failures
HHS Office for Civil Rights Settles HIPAA Cybersecurity Investigation with Vision Upright MRI
Treasury agrees to block additional DOGE staff from accessing sensitive payment systems

Related: