States Debate New Standards for Data Broker Oversight

Data broker oversight has become a focal point for legislators across the country, with the policy conversation shifting toward creating standardized registration systems and central consumer opt-out mechanisms similar to those found in the California DELETE Act, which requires compliance beginning August 1. These legislative efforts represent a significant change in the regulatory landscape for companies that manage consumer data as a core part of their business model.

Legislative Spotlight

  • Alaska HB 367: This omnibus privacy bill includes specific provisions for data broker oversight. The current draft requires entities to register annually with the state and outlines penalties for failing to meet new data safeguarding standards.
  • Connecticut SB 4: This legislation proposes a centralized deletion mechanism. This tool would allow residents to request the removal of their personal data from all registered brokers through a single deletion mechanism. Data brokers would be required to access the mechanism at least once every 45 days. The bill is pending delivery to Democratic Gov. Ned Lamont, who is expected to sign the legislation, CT Mirror
  • Vermont HB 211: The legislation focuses on tightening the rules for entities that buy and sell personal information within the state. While the original data deletion mechanism provisions have been sent to a study, data brokers would still be required to maintain verification procedures that require prospective customers to identify themselves, state the purposes for which the information is sought and certify that the information will not be used for any other purposes. The bill would grant the attorney general rulemaking authority and provide for a private right of action.
  • Virginia HB 638: This legislation has been continued to the legislature’s 2027 session and would impose a $100,000 annual registration fee for data brokers.

Key Provisions Under Consideration

  • Annual Registration Requirements: Many bills require companies to join a public registry maintained by the state.
  • Centralized Deletion Mechanisms: Following the California model, some states are exploring one-stop-shop portals. These would allow a single request to trigger data deletion across all registered brokers simultaneously.
  • Broadened Definitions: These data broker regulations often expand the legal definition of a broker, potentially capturing businesses that consider data sales a secondary revenue stream rather than their primary purpose.

The State and Federal Context

The absence of a single federal privacy standard has led to a patchwork of state regulations. This environment creates a complex compliance challenge for national corporations that must navigate varying registration fees and technical requirements. While consumer advocates argue these measures are necessary for transparency, industry groups often express concern over the administrative burden and the potential for unintended economic consequences.

FOCUS will continue to monitor developments on data broker legislation across the country.

by Austin Young 5/11/26