How Does Vermont Define a Data Broker?

Home » How Does Vermont Define a Data Broker?

Under Vermont Data Broker Law, a “data broker” is generally defined as a business that knowingly collects and sells or licenses to third parties the personal information of consumers with whom the business does not have a direct relationship.

The definition centers on two key elements:

No direct relationship with the consumer whose information is collected
Sale or licensing of personal information to third parties

A “direct relationship” typically means the consumer intentionally interacts with the business – such as by making a purchase, creating an account, subscribing to a service, or otherwise knowingly providing information directly to the organization.

Businesses that obtain personal information from third-party sources and then resell, license, aggregate, or distribute that information may fall within Vermont’s statutory scope.

Vermont’s law also includes specific exclusions and registration-related disclosure requirements. Because statutory definitions differ across states, organizations should conduct and document a formal applicability analysis specific to Vermont rather than relying on assumptions based on other jurisdictions.

For implementation guidance, governance documentation templates, and audit-readiness support, visit the CLIClaw Data Broker Compliance Library.