General Liability Insurance
Professional Liability Insurance
Errors and Omissions Insurance
Cyber Liability / Data Breach Insurance
Workers' Compensation Insurance
Business Owner’s Policy
Data Breach Insurance
Certificate of Liability Insurance
Additional Insurance Offerings
4.9 out of 5 Customer Rating
Get in-depth information on essential insurance coverages.
Certificate of Liability insurance
Businesses that store, collect, or otherwise handle protected information of Vermont residents must inform their customers any time their data is exposed. If protected data (names, SSNs, financial info, etc.) is lost in a breach, businesses have to notify
customers within 45 days. In addition, businesses have to send a copy of their customer notification to a consumer reporting agency within 14 days of the breach.
Name of Law / Statute
Definition of Protected Information
Combination of (1) name or other identifying info, PLUS (2) one or more of these "data" elements: SSN; driver's license number; or account number, credit card number, debit card number if accompanied by PIN, password, or
Who Is Subject to Law?
Business entity or retail establishment that handles, collects, or otherwise deals with PI
Notification of Consumers?
Yes (within 45 days of discovery of breach)
By what means?
Written, phone, or electronic; if >1,000 residents, must notify consumer reporting agencies
Substitute Notice Threshold?
if cost of notice >$5000 or involves >500k residents
Notification of authorities / regulators required?
Yes (within 14 days of discovery or consumer notice, whichever is sooner)
Copy of the notice to consumers
Up to $10,000/violation
Credit monitoring requirement?
Must provide advice
Private lawsuits allowed?
Private damages cap?
Injunctions only; no damages
Regulatory actions allowed?
HIPAA Compliance exemption?
Other (e.g., timeframe)
Law does not apply if PI was encrypted or otherwise secured or modified to protect PI
Link to complete law
Vermont's data breach law
Read the full text of Vermont’s data breach law.