Nathan D. Taylor writes:
Last year, Vermont amended its security breach notification law to join the growing list of states that require notice to the state attorney general or other state regulator regarding security breaches. Unlike other states, Vermont offered businesses two options with respect to how and when notice must be provided to the Vermont attorney general (AG). These options are based on whether a business has made a sworn affirmation to the AG regarding its information security practices. This article describes the Vermont AG notice requirement (as well as the AG’s interpretation of this requirement), the sworn affirmation form issued by the AG, and the pros and cons associated with making the sworn affirmation.
Read his discussion on Bloomberg BNA Privacy & Security Law Report.