What is the ‘Vermont Financial Privacy Act’?

VERMONT Image from page 183 of -The Architect & engineer of California and the Pacific Coast- (1905) — IABI

The Vermont Financial Privacy Act (VFPA) was enacted to protect the privacy of customers of Vermont’s financial institutions ‘without unduly inhibiting the free flow of commerce or legitimate law enforcement activities’. It regulates the treatment of nonpublic personal information about consumers by financial institutions by:

• requiring notifications to individuals about privacy policies and practices;
• establishing conditions for the disclosure of nonpublic personal information about consumers to nonaffiliated third parties; and
• requiring consumer consent prior to disclosing that information, subject to certain exceptions and exemptions.

See, Statement of Policy 8 V.S.A. § 10201 and Regulation B-2018-01 Section 2(A)

As opposed to the GLBA, VFPA does not include a Safeguards Rule.

Effective day: VFPA become effective on Jan 1st, 2001. Full compliance is required. (See, 8 V.S.A. § 10203)

Relationship with other laws:

• VFPA is not preempted by GLBA
• The Federal Credit Report Act (FCRA) preempts VFPA
• VFPA does not modify, limit, or supersede HIPAA but FI’s subject to VFPA are prohibited from making disclosures of certain health data without the…