Michael Young writes:
On May 13, 2013, Vermont Governor Peter Shumlin signed H.513 into law. The new law includes an amendment to Vermont’s Security Breach Notice Act, 9 V.S.A. § 2435. Previously, under § 2435, Vermont-regulated financial institutions were exempt from notifying any Vermont authority in case of a security breach involving personally identifiable data. The new law provides that entities regulated by Vermont’s Department of Financial Regulation “shall provide notice of a breach to the Department [of Financial Regulation].”
[…]
The North Dakota legislature has also been occupied with data privacy by expanding the definition of “personal information” within its breach notification law. Under the new definition of House Bill No. 1435, both “health insurance information” and “medical information” have been added to the definition of “personal information.”
Read more on Data Privacy Monitor.