State Regulatory Developments

Vermont Adopts New Information Privacy Regulation

The Banking Division of Vermont’s Department of Financial Regulation has updated and modified existing regulatory requirements concerning the treatment of nonpublic personal information about consumers by financial institutions.  The updated regulation took effect on March 15, 2018.

Regulation B-2018-01 protects consumer information by requiring financial institutions to provide notices about privacy policies and practices, prohibiting the disclosure of nonpublic personal information about consumers to nonaffiliated third parties except on certain conditions, and requiring financial institutions to obtain consumer consent prior to disclosing certain information.

Changes from the previous version, Regulation B-2015-02, create an exception to the annual privacy notice requirement if certain conditions are met, corresponding to recent changes in federal requirements for privacy notices.  Generally, a financial institution is not required to send annual privacy notices to customers if:  (1) it does not share information in a manner that would require an opt-in or opt-out; (2) it has not changed its policies or procedures from the most recent privacy notice provided to customers; and (3) it posts its privacy policy on its web site.

The new regulation also removes language regarding certain other alternative methods for delivering annual privacy notifications.

Regulation B-2018-01 may be viewed here.