Committee hears testimony on H.342 to let public-facing officials opt out of data-broker listings

A state legislative committee on April 23 heard testimony on H.342, a bill that would let certain public-facing state employees and their immediate family members instruct data brokers not to disclose their personal information and create enforcement paths if brokers fail to comply.

The bill would give covered individuals a statutory right to notify a data broker and require the broker to stop disclosure; if a broker fails to act within 15 days the bill provides a private right of action. Assistant Attorney General Sarah Aceres, of the Attorney General’s Office Consumer Protection Unit, told the committee the office also would have authority to adopt implementing rules and monitor for statewide trends that could lead to enforcement on behalf of the state.

“A private right of action is in the bill,” Aceres said, adding that the Attorney General’s Office brings enforcement actions only on behalf of the state and not on behalf of individual consumers. “We do not bring them on behalf of individuals. We really do have to see a trend where there are lots of Vermonters affected by a certain bad actor in order for us to bring enforcement actions.”

Why it matters: proponents said the bill is aimed at reducing targeted threats against judges, law enforcement and other public servants by removing easily accessible contact and location data from commercial databases. Opponents and witnesses warned the bill could create implementation and court-capacity problems if many suits follow noncompliance.

Key debate points

Notice and delivery: Several senators pressed whether a notice must be sent to a data broker’s registered agent (the entity legally designated to receive service) rather than to a generic email address on a website. Senator (unnamed) suggested statutory language could require use of a registered agent to reduce disputes about whether a broker actually received a notice; Assistant Attorney General Aceres said the office would consider a standardized form and that the Secretary of State’s data-broker registry might list registered agents.

Timing to cure: The bill’s 15‑day compliance window drew questions about whether 15 days is sufficient for brokers, particularly larger firms processing many requests. Tom Sullivan, chief superior judge, warned the short cure period could lead to many lawsuits and urged caution: “If you delayed the private cause of action and allow[ed] the attorney general to monitor and determine what is the actual problem,” courts and the state could better assess whether additional capacity is needed.

Private right of action and court impact: Sullivan told senators that New Jersey has seen heavy litigation under its Daniel’s Law analog and that those suits can result quickly. He said, “In February of 2024, there were 140 separate lawsuits filed in the state of New Jersey under their Daniels Act,” and described the statute’s statutory-damages framework: a $1,000 statutory award per violation absent proof of actual harm, with additional remedies and attorneys’ fees available for proven damages. He warned such filings could meaningfully increase workload in Vermont courts and asked the legislature to consider sequencing or supervisory safeguards if a private right of action is enacted.

Public-safety tradeoffs and other protections: Judge Sullivan emphasized that removing listings from data brokers is only one tool for protecting public servants, noting other steps such as home-security grants. He said a federal program provides up to $2,500 for a home security system and $800 per year for monitoring in some contexts and suggested legislators might consider funding assistance alongside data-removal rights.

Private-sector implementation: Matt Adkisson, founder of Atlas Data Privacy Organization, which provides opt-out and removal services, said his group has handled hundreds of enforcement actions under Daniel’s Law in New Jersey and that consolidated litigation and private services have helped covered people exercise rights there. “The threat environment for judges and other public officials we protect is bad and getting worse rapidly,” Adkisson told the committee, and he urged lawmakers not to let implementation obstacles block the bill’s protections.

What the Attorney General’s Office said: Aceres said the office plans to provide a standardized form for notices, similar to its security-breach notice form, and that stakeholders could be consulted on its design. She reiterated the AG’s role is statewide enforcement, not individual representation, and said the office could use registration and monitoring authority to identify high-volume bad actors.

Committee action and next steps: Committee members agreed to transfer H.342 to the committee of jurisdiction, Institutions, for further work and stakeholder input. No formal floor vote on passage was recorded in the transcript; committee members said they would refine language on notice, registered agents and implementation logistics and consider testimony from New Jersey officials and the Secretary of State’s business division on how registered-agent processes work.

The hearing produced a mix of support for the bill’s protective aims and caution about operational and legal consequences. Committee members signaled they will pursue follow-up hearings and drafting changes before final action.