The state of Vermont in the US has passed a law to crack down on data brokers, TechCrunch reported.
Under the new legislation, companies in Vermont which collect and sell personal data must register with the state, have to put certain minimum security measures in place, and notify the authorities about security breaches.
Using data obtained from a data broker for criminal purposes is now regarded as its own offence, which the state can prosecute.
While private data such as medical records and credit scores are regulated in the United States, data brokers have used loopholes to build “shadow profiles” of people, which they sell.
Loopholes include using data such as shopping habits, where people live, and whether they own or rent a home. Companies would also make educated guesses about medical conditions, based on the medicine purchased at local pharmacies.
According to the report, Facebook was among those which would buy this data.