Could you be a “data broker”? The broad statutory definition of a “data broker,” is one of the more notable components of Vermont’s new data broker law, which took effect on January 1, 2019, and is the first U.S. state legislation expressly focused on data brokers. The new law requires any business that falls within the definition of “data broker” to register annually with the state of Vermont, report on security breaches and meet certain minimum data security requirements. With insight from Sheppard Mullin, we examine these requirements and what they mean for covered entities. See also our three-part series on a fund manager’s road map to big data: “Its Acquisition and Proper Use” (Aug. 8, 2018); “MNPI, Web Scraping and Data Quality” (Aug. 15, 2018); and “Privacy Concerns, Third Parties and Drones” (Aug. 22, 2018).