Vermont Legislature House Commerce - 2026-04-30

Meetings

Call to Order and Overview (00:00:02)
Chair Marcotte reconvened the committee, noted the date/time, and outlined that the hearing would continue testimony on S.71 (consumer data privacy).
S.71 Testimony: Jody Daniels, Red Clover Advisors (Part 1) (00:00:40)
Jody Daniels presented her background and provided an industry-wide lens on operationalizing privacy laws, consumer concerns, and common compliance challenges.
S.71 Testimony: Jody Daniels, Red Clover Advisors (Part 2) (00:15:36)
Q&A covered data minimization, data inventory, vendor due diligence, timelines and cure periods, sensitive data standards, keystroking/analytics, and aligning with other states.
S.71 Testimony: Bill Calfee, Mighty.com (00:31:11)
Calfee described Mighty’s local-retail platform, supported banning surveillance-based tracking, contrasted practices of large tech firms, and answered compliance and customer data questions.
S.71 Testimony: Molly Mahar, Ski Vermont (Part 1) (00:45:51)
Mahar outlined concerns with draft 2.3’s data minimization language, potential limits on targeted advertising, and the need to align with existing state standards to avoid competitive disadvantages.
S.71 Testimony: Molly Mahar, Ski Vermont (Part 2) (01:00:34)
The committee discussed clarifying bill language, comparing Senate-passed and updated drafts, alignment with Connecticut/California, consumer and business education, and data accuracy impacts.
H.327 Ways & Means Amendment Briefing (Part 1) (01:13:08)
Legislative Counsel reviewed Ways & Means changes, including VEGI annual cap adjustments, moving the Rural Industry Grant program into statute, and nickel-rounding notice requirements.
H.327 Ways & Means Amendment Briefing (Part 2) (01:26:51)
Counsel finished with C-PACE effective date and education fund clarifications; the committee then voted to report the amendment favorably and discussed floor timing.

Transcript: Select text below to play or share a clip

[Michael Marcotte (Chair)]: Good morning, everyone. This is the Vermont House Committee on Commerce and Economic Development. It is Thursday, 04/30/2026 at 10:26 in the morning. We're back from a break, and we will now start taking more testimony on S71, which is again the act relating to consumer data privacy and online surveillance. So with us, have Jody Daniel. Jody, good morning. Thank you for joining us.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Good morning. Sound okay? Can you hear me?

[Michael Marcotte (Chair)]: Yes.

[Emily Carris Duncan (Member)]: Awesome.

[Michael Marcotte (Chair)]: So if you would, just state your name and your affiliation and continue on with your testimony.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Sure. I did share a few slides. How do you all see those? Should I share? Do I just speak to them and you have them?

[Michael Marcotte (Chair)]: Well, if you can share, Miriam will make your cohost.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Not a lot.

[Michael Marcotte (Chair)]: Okay.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Everyone good?

[Michael Marcotte (Chair)]: Yes.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Amazing. Okay. Thank you. So just a few slides, and then I'll stop sharing, and we can continue having a discussion. So thank you so much for allowing me to participate today. My name is Jody Daniels. I'm the founder and CEO of a privacy consulting firm called Red Clover Advisors. I've been doing this business thing for twenty seven years and have experience at personally working at four large companies from accounting, finance, strategy, media, targeted advertising, and privacy, which I'm going to talk a little bit about. And from there I think is what my unique lens to this conversation will be. I spent time in media when I was an early on auditor as well as a full time employee as active clients here today, really familiar with how the media space has transformed over the last several decades. I stood up a targeted ad network from scratch quite honestly before some of the large big tech companies were doing this. Also really familiar with what ad tech means and how that industry operates today, also working with clients predominantly on the business side as well as agencies as they're utilizing this technology. And I've spent the last fifteen years now in privacy. I built a privacy program from the ground up at Cox Automotive, a large organization and then I moved over to a highly regulated financial organization and saw what privacy is able to do in that type of environment as well as actually corporate strategy. So I think when we think about all of these organizations and businesses and companies trying to conduct business, whether they're nonprofit to profit, that strategy piece, the finance, the media, the ad tech, privacy all really blends itself together, which brings me to what I do today and the unique lens that I think I can help offer, which is that we're working with companies to help operationalize various privacy laws. I say here actually US state privacy laws. The truth is we're also helping with global laws as well. Working with startups to Fortune 500 in numerous industries, digital media, professional services, which might include accounting firms, law firms, agencies, staffing firms, retail, which might be brick and mortar as well as online, food franchise companies, which is going to have your local operator as well as the larger parent organizations, B2B tech, B2C tech, manufacturing. Just about almost every gamut of the industries, we have been able to help them. When we think about privacy laws like the one we're here to talk about today, we tend to break down all of those core requirements into these common buckets. And when we're working with companies, we're trying to identify across all the various laws how they line up to be able to help a company actually exercise what does it mean for a privacy notice, what does it mean for a privacy right. So that's what I'm spending my day doing is operationalizing all of these things. And it brings to mind a few of the consumer concerns and some of the areas that I thought we might be able to discuss. It really is, in my opinion, balancing consumer concerns and business needs. There are a lot of companies that are trying to do the right thing out there and want to protect their individual data, their customer data, their prospect data. At the same time, we have a massive marketing and advertising ecosystem that is incredibly complex and a significant part of businesses today. Ad tech is just a very complex multi decade web that we have. At the same time, we have consumer data that is often inaccurate, that is a part of this ecosystem. There is a lack of consumer awareness with what is happening. I often use my friends and family around me to ask them what do they understand about digital trackers or privacy or explain what I do and they really have no idea. They don't understand cookie banners. They don't understand trackers. They don't know how to opt out. Consumers are also not in control of their data. This is an incredibly important piece. And of course, privacy rights and various laws are trying to address these. And there has been an abuse of data by companies. There are certainly companies that have pushed the envelope too far. They've used data in ways that consumers hadn't expected. They didn't properly disclose it. This might have been performed from significant targeting and sharing of what might have been deemed sensitive data. And sensitive data in itself has a wide range of definitions, which of course brings us to, well, what can we do and how do we resolve this? A few core questions. How can consumers have control over their data? Truly, how can an individual actually own and really understand and be able to direct what's happening? And where does that make sense for that person to be able to do so? How are consumers educated? Even if privacy laws have privacy rights, how are consumers informed about what those are and what they can do with them? And how can companies still market, still be able to reach prospects, be able to upsell from product one to product two and so on without abusing the data collected. And I do feel like there is an opportunity to be able to do so. The last piece from a slide point of view I wanted to talk about is a little bit of trying to build privacy programs and what it takes for companies to be able to do this. Companies truly are trying to build privacy programs to comply with privacy laws and that are sustainable for new laws or amendments that might come along so that they create a base and they're able to add what is new or different where applicable. It's my understanding that there might be some questions around the cost of complying with a privacy program, and this really varies depending on the type of data the company collects, uses, stores, and shares. The more personal information or the more sensitive the data, the more unique use cases, the more complex the program, which is where the cost increases. The cost is not always tied to the size of an organization. It is really tied to the type of data that is processed. And those companies who maybe haven't had to ever build a privacy program, there might be some local companies who haven't really had to do this, there is a setup cost. Again, it varies depending on the size of the organization. And those activities are typically number one, understanding the type of data that they have. The sophistication of that company is going to determine how easy or not easy that's going to be. Privacy notices are a big part, privacy rights like we've been talking about, digital tracker, cookie consent software. There's some minimal software that is likely involved and of course hopefully managing vendors and other obligations that are there. So there is a little bit of a lift that might happen and is very dependent on the type of company and what it is facing. The biggest challenges that I see are probably the topics of discussion here today, which are trying to align definitions and obligations across all the different laws that they need to comply with. And the biggest topics, and I promise I did not use AI to try and make this look like a beautiful pyramid, it just happened, which is sale of data, sensitive data, data minimization, targeted advertising, privacy risk assessments, privacy rights, and I really wanted to call out opt outs, even though those are often a subset of privacy rights, and then privacy notices. And sometimes where there's a list of third parties that information needs to be disclosed, like whom did it share it with or where was it sold. These areas, when the variance or the laws deviate, is the biggest challenge for companies to be able to actually operationalize the privacy law in scope for them. So the more that these areas can try and line up with the other states, the easier and greater adoption that a company is able to take on to be able to make sure that it is in compliance with each of its various privacy laws. So with that, I hope that I've given you a little bit of the lens that I can offer, the challenges and opportunities that I see for companies. And with that, I will stop sharing and be able to answer and address any questions that you might have. Thank you, Jody. Questions?

[Edye Graning (Vice Chair)]: Thank you, Jody. I guess one of the things we were just thinking about here is the less data a company has, the easier it is to manage the information. Right? The easier it is to keep it protected, the easier it is to to know kind of everything that you is that accurate or is that or am I thinking too old school and computers do everything for us now and it doesn't happen?

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: I think it's a little bit of both. I think you also have to think about the systems that a company is using. I could have one system and have a lot of records and a lot of fields in that one system, and now I still have one system but a lot of data in that. I could have less. So the concept of less data helps you from a security standpoint is accurate in the sense that if there were ever an incident, whether that be privacy or security, the volume of records is obviously lower. However, the type of data also matters. The security measures that the company has in place also matters. And so I don't think it's only I I don't think anyone should look only at the volume of records. I think it's really important to think about the type of system. I could also pick a startup that has no security measures and have three records in there. Well, that's probably a bad example. I could have a startup with 10,000 records in there. And I could have a significant larger organization that's been around for quite some time and have the same amount of records, which one might be more secure? So I think it's not just the numbers. I think it really matters how our companies and this is why reviewing vendors and having contracts in place and and obligations for a controller to review its processors helps put the onus on the controller to actually say, I've reviewed what system and who this other party is going to go to. That's where that gets picked up. And then internally, this is where a company needs to be understanding what type of data it has. Does it need that data? So retention is where this picks up. There are valid reasons, business reasons as well as legal reasons why companies need to keep data. Part of the challenge is just knowing the data in the first place.

[Edye Graning (Vice Chair)]: So I can see that a company that's been around for ten years and has to make transition to a data minimization system, it could be a little bit challenging to first understand if the data that you have is acceptable for you to hang on to for whatever reason, and then how to effectively delete it in a way that it's still safe. Is that accurate?

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: I would agree with that. I also think that is a practice that companies are are needing to do, whether there's a law telling them to do that or not. And part of that is operational costs. The more data I have, the more it costs me potentially because sometimes systems are based on record and based on volume. From a security standpoint, it is true. The more data I have, the more risk I have. I don't think that's always the driving factor. It just is an actual statement. You also, to be able to have an accurate privacy notice, need to understand the data that is collected and how you're processing it. So whether I the volume of that record doesn't necessarily impact privacy notices, for example, or any of the other obligations, but I have to get to understanding my data. So data minimization is definitely an important piece. To get to that part, I still have to start with what do I have? What systems is it in? Do I need this in the first place? And yes, it would be it is an effort in general to understand the data in an organization. Many of the companies that I work with today are already doing this. They have data governance programs in place to understand all types of data, not just personal information, but company information as well, confidential information, public information. So they're looking at all of that in place. You have companies that are moving from different systems. It's a great time to be able to evaluate what are we doing, do we still need this information, and move from there. And then, of course, from a privacy point of view, we have retention. It overlaps with security. It's also a very big topic these days with AI. Do I need this data? Do I not need this data? What are we doing so that we can change it going forward?

[Edye Graning (Vice Chair)]: One of the things that I've been trying to get a handle on is what's an appropriate timeline to make the transition or the appropriate supports for businesses to put in place. That's part of my I'm asking you this question for my understanding, but also if you have information on that.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Sure. Can I ask for clarification when you mean on the timeline?

[Edye Graning (Vice Chair)]: So if we pass the law, does it go into effect in six months, in twelve months, in eighteen months? What is an appropriate timeline to give businesses? Or does it go into effect right away, but the enforcement has a delay. We don't want to put our businesses in a place where they feel like it's a gotcha moment. That's not at all what this is about. This is about how do we make sure businesses and customers are protected. And so I'm trying to understand that implementation that we make the law we adjust the law for that.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: I really appreciate it. Thank you for clarifying. I would I would say a few things. Those that have had at least one year, sometimes there's been a two year time frame, is incredibly helpful for companies, especially depending on where deviations might take place within your law. For companies who have had to do this and there might not be big deviations, it's just one more. For companies who this might be new for them, it's a lift. And for the larger companies where this might be new, it's definitely a lift. And that year allows them the appropriate time to plot out all of the requirements. If you remember the operational framework that I shared before and how we organize the requirements into those categories, what happens is companies start on these pieces. They start on a data inventory. They start on a privacy rights process. They start figuring out what their enhanced vendor management process might look like. And as much as a company or any of us sitting here might want someone to do it all at the same time, it's not realistic for that to happen. So at least a year, I've seen somewhere it has that two years. And then those that have that cure period is also has always been very helpful.

[Edye Graning (Vice Chair)]: Great. Thank you.

[Michael Marcotte (Chair)]: Thank

[Jonathan Cooper (Member)]: you. I really appreciate the very practical approach of outlining kind of what a program looks like and what the challenges are for businesses, and really highlighting that challenge of where a state law deviates from other states. Wondering if you could reflect and kind of give us your thoughts on how S-seventy one stands now and key places of deviation you may see that could be challenging, could be that extra lift for businesses, say, that are complying in other states and would need to now comply in Vermont as well?

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Yes. I think there's a few. One of those is going to be that strictly necessary, standard in the sensitive data area. And in general when we look at California and it has their reasonably necessary and proportionate, if I think about California and the volume of companies that seems to be whether we like it or not kind of the gold standard in The United States. Globally, it's GDPR, and actually GDPR is a little bit less, where about 15 states have 15 plus have adopted the GDPR philosophy. So then we have California and Connecticut doing a little bit more, and then we have a couple deviations like Maryland and potentially this SB71. So that in particular, I think the closer it could get to an existing standard, closer to a California would make it more easily adoptable and reduce some of the friction for companies with still maintaining even a higher level than many of the other states already here and also higher than even GDPR. And in the privacy community, like I said, when companies are looking to how do I operationalize this, if they're global, they're looking to GDPR and then figuring out the differences for The US. If they're US only, they're looking to California and then adopting the other differences.

[Herb Olson (Member)]: I see. Thank you.

[Molly Mahar (President, Ski Vermont)]: Yep.

[Monique Priestley (Clerk)]: Jody, was just wondering, so I was talking to somebody who's consulting in other states and we were talking specifically actually about Montana and about how in Montana, like the nonprofit community, business community, rightly so, and we're seeing it here, are concerned and worried about needing to comply with this, especially as a first time, but also as it changes. And we're talking about specifically when the threshold went from $100,000 to $25,000 in recent updates, then when nonprofits ended up being covered in Montana, and about how there was this fear at first, but then she actually found that by having a state privacy law that then they could follow, and they could have some rules, and then they could align it with their cybersecurity needs and all that kind of stuff, it actually became helpful to have a set of rules to follow. And I was just curious, do you have you probably have experience, and I guess I'm wondering if you could share of helping customers who are in states that might not have privacy laws or ones that you've worked with that then have them. And just if you could share the experience of that evolution of what does it look like to help a client who's like, all of a sudden they have to do this thing. Can it be helpful?

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: It can. It can certainly be helpful. And I live in a state with no privacy laws, so fully aware of what that looks like. I wanna address a few things. First is in terms of the nonprofit piece. I'm actually grateful that you include nonprofits. Working as a volunteer with nonprofits and see and and as clients, I know the type of data that they have. They have incredibly sensitive data. They have a lot of data, and these are organizations that actually typically don't have great security measures in place in an area where I think they need to have more attention for privacy and security. What happens is a lot of these companies or organizations rather might start with security. They might think I don't want anyone getting to my data. I'm very concerned about that. I don't want a data breach. So we we lock and they do some of the basic security measures, and then that's it. I've talked to a lot of companies. They don't even know the data that they have. What the privacy program then does is help understand and open their eyes to, oh my gosh. We have all this data in all these different They weren't aware. I've also seen, why? Why do we have five CRM systems? These are true statements. Why do we have all of that? Why are we paying multiple different software providers, especially the smaller companies? And by going through the process of finding all the data and understanding what they're doing with it, they're then able to shed things that they don't need anymore, are able to identify any other areas where maybe there's a gap from a security point of view. And sometimes, it's actually even especially in the larger companies, if the security team needs more budget, the privacy team or the privacy requirements rather are sometimes able to help say, we really need these tools. We need security training. We need privacy training. We need to better understand our data. We need these things. It's actually been a way to help fuel within an organization. And in terms of the lift and the level of effort, it goes back to what I had shared originally, which it just really depends on the kind of data that they have. There are some nonprofits. They work on a few Google Sheets. They don't have a lot and an email system. It's not gonna be a massive list to find it all. It's going to be the effort to figure out, wait. Are we doing things in the way that makes sense for the type of data that we have? Do we need all of this data? Did we remove all the contractors from our list that we need here? Now when it comes to some of the other provisions of the bill, things like marketing, which we haven't discussed or any of those, there might be an impact. Absolutely. But in terms of just figuring out how to find the data, the bigger the company, the more complex the data, the absolute bigger lift for sure. For a very small organization that has never done this before and they they don't have a significant amount, it is not insurmountable. And I would compare that to GDPR because GDPR has no threshold. And, again, the more complex, more sophisticated the company and the type of data that they're using, the harder that implementation is going to be. But it isn't a drastic effort for all companies. It certainly is for some. So anyone listening here who has had to comply, you might say it's been very challenging, and that might be true. We have also worked with companies, though. It it's been a little bit of a lift, again, insurmountable. Yeah,

[Herb Olson (Member)]: I'm sorry, I came in a little bit late, I missed a couple of things. And what I'm thinking about is your general sense about, you know, what sort of time lag, or when the rules can reasonably be applied to different companies. And you talked about effective dates, but then you introduced the notion, and I don't know if they're related, bigger companies, smaller companies.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: So, I didn't mean to interrupt you, sir.

[Herb Olson (Member)]: Please go Yeah. You you did mention for a bigger company, it might be a bigger lift, but I'm wondering whether in terms of when the rules become applicable, is a bigger company able to deal with that sooner than say a smaller company? And I also wanted you to touch on the cure period that I think I missed.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Sure. I think for to address the question in terms of timeline, typically, see that it's about one year from passage to effective. There's been a few states that did two years. And I think depending on where the bill goes, there I know there's a couple areas where there's some contention amongst various groups. Depending on where that lands, I think, is going to be determined how complex it is for any size company. A large company likely already has had to comply with another privacy law, which means the lift for having to comply with this, I don't think necessarily warrants they need an entire other year unless it's a complete drastic change to the entire business model. So I know there are some things around sensitive data and some of the marketing. If it's a large company and all they do might fall into sensitive data, that might be a bigger challenge for them. If you're a larger company and you just sell widgets, kinda boring widgets, the the lift is probably not sorry. Boring widget company. The lift is probably not as high compared to some of the others. In terms of the cure period, some states have had a cure period, meaning if I'm in violation for a period of time, I get I get the ability to make a correction without receiving that fine.

[Herb Olson (Member)]: Yeah. Maybe for the finer point, do smaller businesses need a more extended effective date than a bigger company?

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: I think that depends on how nice you wanna be. I've certainly seen that. The Washington My Health, My Data Act definitely did something similar where they had smaller businesses had a longer period of time to be able to comply with the provisions compared to a larger company.

[Michael Marcotte (Chair)]: Okay. Thanks.

[Jonathan Cooper (Member)]: Thank you. So are there any states that have done a particularly good job of providing sort of information or technical assistance for businesses who are sort of doing it themselves? The reason I ask this is I imagine I used to be a business owner. And in my years of running a modest sized business, I guarantee I would have worked to do this myself. I would want to figure out how to do it and comply. So I'm curious if you can point to either any organizations or any states that have done a good job with their guidance for how, you know, our small businesses, say, 10 employees can can comply?

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: A few come to mind. First, I'm actually gonna start globally because I think the information commissioner office out of The UK, which is the data protection authority, does an incredible job of providing information for small and large business. They also it is easy to be able to see and sort, and I send a lot of people to that website. I highly encourage to get a sense of how they have organized it because, again, I think they've done a very, very good job. Here in The United States, Connecticut puts out multiple advisories, and those advisories have been incredibly helpful to know what is important to their state based on their privacy law. California has their regulations as well as enforcement advisories. Oregon also has various enforcement advisories and a really nice FAQ section on their site.

[Molly Mahar (President, Ski Vermont)]: Thank you.

[Michael Marcotte (Chair)]: Good questions for Jody. Jody, are there other areas in the bill that you see that you might want to address?

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: I think the other area I would want to address would be the few items that might be classified as sensitive data, which would be the key stroking and then I think it's how key stroking is defined and how key stroking might be used. I think there is probably some intent of the idea of keystroking every single piece that someone has and how that could be deemed a violation of privacy, that that's personal information, and you wanna limit that. At the same time, some of that keystroking and heat map might be used in general analytics and the companies that are trying to just be able to analyze what is happening on my There are companies out there that can perform some of this type of behavior without capturing all the personal information with it. And I think you will find some companies will this might be great for them, and they might not understand can they or can't they. The other area would be the one where it has all online activities and identifiers is essentially considered sensitive data, and sensitive data has to have that strictly necessary standard. And that also can lend itself to some of the challenges from a security perspective and ad fraud perspective and analytics. I think additional definitions that could strengthen the areas that are of significant concern versus what typical businesses are often trying to use this information for would help the bill.

[Michael Marcotte (Chair)]: Thank you. Anything else for Jody? Thank you for your time. We certainly appreciate it. It's well spent for us.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Amazing. Thank you so much. Have a wonderful rest of the day.

[Michael Marcotte (Chair)]: Thank you. You as well.

[Jody Daniels (Founder & CEO, Red Clover Advisors)]: Bye bye.

[Michael Marcotte (Chair)]: Bye. Bill? Do you want me to go? Next week.

[Bill Calfee (Founder, Mighty.com)]: Been quite a while since I've testified, so

[Emily Carris Duncan (Member)]: you have

[Bill Calfee (Founder, Mighty.com)]: to let me know doing things right.

[Michael Marcotte (Chair)]: Oh, just state your name and your affiliation, and can figure on with your testimony. Okay.

[Bill Calfee (Founder, Mighty.com)]: I'm Bill Calfee. I'm from Pinesburg. I run a company called mighty.com, or Mighty. I've been a small business owner since 1981 in Vermont. And I actually was president of the chamber of commerce in the Manchester in the mountains chamber of commerce since I went back in the eighties or something. Mighty, just to give you context, we're we're kind of taking on Amazon. We have a platform where we connect independent stores to a place where people can shop across all those stores, put things in a cart, have stuff to the the doorstep. And our objective is keep money in local communities. Cynthia? Excuse me. We've been in prototype stage so far. We have about 70 stores in mostly in Chittenden County, a few outliers to test different things. We have about a 100,000 items on the platform, which is nothing compared to our competition, which is Amazon. We have just running in this prototype forum. We've returned about $6,000,000 to Vermont stores since we started in 2020. We do collect data to fulfill orders. We don't do any of the tracking, cross tracking, all that kind of stuff. That's that actually is why I started Mighty. We when the research I've done into what again, I've focused on Amazon, but Meta and Google are doing a lot of the same stuff. They're collecting data in order to take advantage of Vermonters in this case, trying to extract as much money as they can from our state. They're not interested in making a better product. They're not interested in taking care of the customer. They're interested in extraction. Baye's mission is the opposite. We're interested in keeping money in the local community. To give you an idea, and then I'll I'll get to the bill, Vermonters spend about $50,000,000 a year with Amazon. And that's $50,000,000 a year that leaves the state. Maybe a little bit comes back because there's some UPS people that deliver it or USPS on Sundays. Jeff Dezos spent $50,000,000 on his wedding in Italy. So one month's Vermont expenditures with Amazon he spent in Italy on his wedding, $50,000,000. Italian folks say that that was worth about $1,000,000,000 in economic activity for them. So that that's and I think that's a little bit of an exaggeration, but there is a multiplier effect. When you spend a dollar at Homeport in Burlington, they're going to pay their team. They're going to pay Burlington Electric Company. They're going to pay the landlord. That money is going to then be respent again in Vermont and again in Vermont and again in Vermont. So the $50,000,000 that we're losing per month to Amazon is that that's only the that's only the seed of it. Let's see. And from a security, this woman was talking about security. For the information that we do keep, we do meet the GDPR. That's Mighty runs that carefully. Let's see here. So I think the key things that I wanna support about the bill is, sensitive data. Why do we need to track what a customer is buying across multiple websites? The only reason is if you want to dominate the national or world economy. And so HomePort or Kiss the Cook or Small Dog Electronics or Madpie and Tiger, they don't need to know everybody's searching or looking around the web. The so from a small so I'm representing small not necessarily small, but small to medium sized independent retailers in Vermont. Lenny's has several different stores. They're privately owned. They're an independent store. They make their own decisions. They are not looking to track all this data. You know, when somebody buys a pair of shoes from Lenny's, it's because the customer believes in the support that Lenny's can give them on you know, if the shoe sole comes off, they can go back to them, they're going to be taken care of. So I don't see any reason why any independent business in Vermont needs to be tracking all this information across multiple sites. Obviously yeah. I mean, I like that you're banning surveillance based tracking and guess I guess that's the that's the crux, and I'm happy to answer any questions that you have.

[Anthony "Tony" Micklus (Member)]: I myself am a small business owner. It sounds to me like the question I'm getting is you're pretty much in support of the bill. Yes. What I would like to know is, do you see any problems or see anything there that you might find a problem for you in terms of compliance with the way you're running your business now?

[Bill Calfee (Founder, Mighty.com)]: I mean, for me personally, if we do fantastically, which I hope we do, and and we end up with, you know, all independent stores, you know, connected to Mighty, there I I don't see a challenge keeping that we've already built into our prototype the ability to keep all that information very carefully. The like, for credit card processing and all that, we use, right now, Shopify. As we grow, we'll probably switch to Stripe, which is, again so we don't touch any of that. Probably the most sensitive information that we keep is from the retailers. When they sign on, because we pay them using ACH, we keep their banking their bank and account number. And, again, that's locked down in a vault meeting GDPR standards. We can't see what that information is. They when they go to their vendor portal, they can't see what they've already typed in. They'd have to retype it in. So I I don't I don't see a challenge for us even if we had every independent store in Vermont on the platform.

[Anthony "Tony" Micklus (Member)]: So it sounds to me, correct me if I'm wrong, that if this law were to pass, it wouldn't be heavy left for you to comply with it.

[Bill Calfee (Founder, Mighty.com)]: No. I think for independent store my experience so far with independent stores is they're just I mean, things like log on password. We have a a shopkeeper portal. They're clueless. They're trying to keep up with their business. So I think part of what we'll do going going forward is help them learn about password vaults and safe passwords and things like that. I think this may have an impact if which might be good for them to protect their passwords and things like that. There are still people keeping a piece of paper with passwords on it.

[Anthony "Tony" Micklus (Member)]: I'm in cybersecurity, I can't remember. Okay.

[Bill Calfee (Founder, Mighty.com)]: Other questions?

[Molly Mahar (President, Ski Vermont)]: I'm curious,

[Emily Carris Duncan (Member)]: you spoke a bit about the issue of tracking, and so as you're building your business, I feel like there's this kind of general idea that tracking and knowing your customer to the deepest ability is what should be expected. Are you finding that you're able to attract customers without knowing every move that they make? All of their deep personal histories.

[Bill Calfee (Founder, Mighty.com)]: Yes, because the customers that we attract are they're in this more dilemma of they're at home, the toaster blow up, the kids need to go to school, they just need a new toaster. How can I get a toaster? So Amazon's quick and easy. So now we can be that quick and easy for the toaster. They can go on to Mighty. They can find a toaster. They can have it delivered. We don't need to we don't care how many kids they have. We just you know, we we the the peep the people that the the people that we're dealing with, we just need to know where are we going to deliver it. So that we don't need we don't need personal data. Amazon needs that because they're trying to I I I I mean, I I could talk for hours about what they're doing. It's it's incredibly terrifying, and it's an it's a beautiful business model. In my opinion, evil and terrifying.

[Monique Priestley (Clerk)]: Bill. So two years ago, and we should probably have him back in, but we had a small when we were doing a similar privacy bill, we had a small audio sound equipment company that was a mom and pop. And they had actually gone to court several times with the big guys because they were realizing that as they had trackers and pixels and stuff on their site, when customers would come to their site to look at stuff to buy, like a guitar or something or an amp, that then they were actually watching as customers were served if they didn't buy at that time on their website, that customers were then served ads for the same products at a lower cost from the massive sound audio engineering kind of companies. I was just curious if you so undercutting their business and they would never be able to keep up because they can never spend enough money on ads to compete. I was just curious if you have seen that yourself or in other retailers.

[Bill Calfee (Founder, Mighty.com)]: Well, mean, that's there's this appeal to be on Google, and there's appeal to be on Amazon. And the the risk is just that. If you're on Amazon selling widgets, like the woman was saying, Amazon has this you know, I used to say it as a dashboard, but it's probably this room of people looking at what are the hot sellers. And if widgets are the hot sellers, their their interest is actually in finding a manufacturer of the hot sellers, branding creating an Amazon brand, paying the manufacturer, oh, I'll pay you in a hundred and eighty days or in three hundred sixty days, and then they can put it on Amazon at a few cents cheaper. And who would pay more for a widget than you know? So all of a sudden, the Amazon brand puts the retailers who gave them the data out of business. And and Google is doing the same thing. If you're on Google, it's like, great. Oh, people are coming to my site from Google. Well, yes. And if that person's like, oh, I don't wanna buy right now, then all of a sudden that customer's being served up, as you said, big the big manufacturers are then saying, oh, we'll pay Google to for this data, and then we can serve them. And, you know, there there's a way I had the there's a company I know who we can put a line around this room. And when you look at your phone, if you've looked at that amp on whatever, it would all of a sudden start serving you ads if you're in this room because we were in this conversation. Mhmm. Mhmm. I mean, it it the whole data thing, I think it's incredibly scary, and it is not it is not serving the consumer, and it's definitely not serving the retailer small retailers. Reach out. We will at mighty dot com.

[Edye Graning (Vice Chair)]: Love seeing your trucks around.

[Molly Mahar (President, Ski Vermont)]: Holly. Good morning. Been here in a while. You've been busy. Passing out a lot of pills. It's great. Good morning. I'm Molly Mahar. I'm president of ski Vermont. Thank you, Chair Marcotte, and to the committee for the opportunity to testify on S-seventy one draft 2.3 this morning. Ski Vermont, as you probably remember, is a nonprofit trade association. We represent the state's alpine and cross country ski areas. Our members range from volunteer run community areas all the way up to the state's largest ski areas. And the ski industry is an important economic driver for Vermont, particularly in rural parts of the state. And visits generated by ski areas help other businesses in their communities stay open year round and ride year round jobs. Enacting data privacy policy is very important for Vermonters and Vermont businesses, so we appreciate the committee's work on this issue. We support strong consumer protection around data privacy, but Vermont's approach must be balanced with practical and consistent definitions and provisions so that Vermont businesses remain competitive and have a clear path to compliance. We support the version of s 71 as passed unanimously out of the Senate last year. Today, I want to focus on one section in particular of the bill that would negatively impact our CRE members, but this may not be our only concern with the dispersion of the bill. Draft 2.3 includes data minimization requirements that are confusing, overly restrictive, and it uses new language that is not used in any other jurisdiction. The bill limits collection of data by business to what is reasonably necessary and proportionate to maintain specific product or service requested by the consumer to whom the data pertains and a communication that is not an advertisement by the controller to the consumer that is reasonably anticipated within the context of the relationship between the controller and the consumer. Nevertheless, a ski area may use the data obtained within the parameters above to facilitate first party or targeted advertising. This form of data minimization has not been used in other jurisdictions with respect to data collection. And it may not be clear to a business what this really means. What's more, it introduces a subjective gray area that could be the subject of a dispute between a business and a consumer. For example, is merely browsing a website a requested product or service? These limitations take consumer choice and control out of the equation about how their data can be utilized. Further, the BUILDS language says that the collection and processing of data must be limited to a specific product or service. And I already read it above. Reasonably anticipated within the context of the relationship between the controller and the consumer. And this has the effect of significantly limiting targeted advertising in a business's competitiveness. For example, in the case of a multi ski area season pass product, where not all the participating ski areas share the same ownership or branding, this could have the effect of severely limiting a partner or partner ski area's ability to utilize targeted advertising. By contrast, s 71, as passed out of the Senate, includes data minimization requirements as well, but the limitations are linked to their disclosure to the consumer, allows a controller to collect and process the data that is adequate, relevant, and reasonably necessary in relation to the purposes for which the data is processed as disclosed to the consumer. So with proper disclosure, this version of the bill does permit data to be utilized for targeted advertising, and it allows consumers to opt out if they so choose. Further, this language appears in other jurisdictions, so it would allow Vermont businesses to follow a regional approach to compliance rather than having to comply with the unique standard, which will have the dual effect of limiting their competitiveness relative to businesses in other jurisdictions and driving up their cost of compliance. Many consumers appreciate targeted advertising to inform them of products, services, and ben or benefits benefits or savings that may be available and interesting to them. And if they don't want this type of advertising, the Senate's version of the bill allows them to opt out of receiving it. So this approach gives consumers the choice and the control to receive the information they want to receive from businesses rather than having the choice made for them by prohibiting businesses from providing it altogether. We believe that passing a data privacy bill is important for Vermonters and Vermont businesses, as I said at the beginning. And we support the version of s 71 that passed the Senate because it gives consumers rights and options about how their data is used rather than just leaving it up to businesses. It also allows businesses to responsibly use data so that they can effectively promote their businesses in a competitive market. I also want to mention that I'm chair of the Vermont Travel Recreation Council. I'm also a board member of the Vermont Tourism Alliance, which is a new organization launched just yesterday at the Vermont Tourism Summit. And I'm including this information because while I represent the ski industry specifically, I've been involved with tourism in Vermont for several decades. And I care about the success and the sustainability of the entire tourism industry in the state. Tourism, like the ski industry, is a highly competitive space, and there are many destinations competing for the same visitors we want to attract to visit Vermont. By its nature, the tourism sector, businesses compete with similar businesses in other jurisdictions. Our Vermont tourism businesses must have the same advantages as businesses elsewhere or as much so as possible and not be ham hamstrung by policies that will leave them not only at a competitive disadvantage but with higher compliance costs to similar businesses in other states. You've heard from a number of organizations in favor of draft 2.3 with the purpose of advancing data privacy policy in general, but many of them are not from Vermont and not representing the Vermont businesses that will be directly impacted by the policy that they are promoting. So I urge you to please listen to Vermont businesses. The importance of a healthy and competitive tourism industry in Vermont cannot be overstated. We over index when it comes to the percentage of GDP that tourism contributes, 9% compared to the average state that derives 3% of GDP from tourism. 4,200,000,000 in direct visitor spending, $294,000,000 in direct tax revenue, and 6,950,000,000 in total economic impact when we consider the direct, indirect, and induced outputs of tourism. Can we afford to put any of that at risk? We think the answer is no. And, again, we support data privacy policy that protects consumers, gives them gives them options, but it does not seem prudent to create policy that will render our Vermont businesses less competitive while at the same time forcing them to pay more to comply with a unique to Vermont regulatory regime. Thank you for your time.

[Edye Graning (Vice Chair)]: Ali, thank you. Really appreciate you sharing the I hope it's the main concern for the industry. Targeted advertising is something that we think is something that our businesses should be able to do, whether they have a relationship with that customer, first party, which we're making very clear what that is. Or even if you have the information on the retargeting, that's in here. It's available. It's legal right now. And I feel like in this bill, the way it's listed, I'm frustrated a little bit that Maybe frustrated is the wrong word. I feel like we can make it more clear. And if that's what Vermont businesses need, we are more than happy to figure out how to make that perfectly clear to everyone, because we do not want to put Vermont businesses at a disadvantage. We understand that our tourism industry is one of the biggest economic drivers in this state, And we know that we need to support these businesses. And so this bill, as it's listed, was designed and needs clarity, which is where I'm now. That was our goal 100% all along, was to figure out how to thread that needle. How do we protect customers because Vermonters do value their privacy? And how do we make sure that our businesses can still do what they need to do to engage with their today customers and their future customers? Because putting folks at that disadvantage is 100% not. I mean, we're working on economic development, But not what we're trying to do here. And so we would love to work with you on how to make sure that

[Molly Mahar (President, Ski Vermont)]: one is more clear so that businesses can do what they need to do to stay vital and to have more of a place in the state. Thank you for that. Yeah, first party advertising is great, but we're already getting those people. So we really need the ability to reach out and get more people. And like I said, the tourism industry, as you've heard from Commissioner Pelham, too, is very competitive. And certainly, ski area business is very competitive. So we really need to be able to have all the tools at our disposal and not be put at a disadvantage when it comes to ski areas in New Hampshire or ski areas in Maine or New York. I mean, York has a huge tourism budget. And we see their ads on TV over here trying to get to skiers that are here in Vermont. We don't have those kind of resources. So we need all the resources. We just need as level of playing field as we can have with other businesses elsewhere.

[Edye Graning (Vice Chair)]: So as I said, I think the language is in here already, and if this is a concern, it's very much not clear. And so we can work on making that more clear, and we would love to work with you and your businesses to make that.

[Michael Marcotte (Chair)]: It would be helpful to let us know what language needs to be adjusted. Okay. Tony?

[Anthony "Tony" Micklus (Member)]: So first of all, you know, I'm a business owner in Vermont myself. I've been in business for twenty years. I'm totally on your side. I know what it's like trying to get new leads. It's it's a rough world out there. I wanna touch on data minimization a little bit. I actually am in cybersecurity. I'm an IT consultant, and I have seen the devastation of breaches. And I've seen the data that has gotten leaked out and how that has ruined people's lives. So what I wanna find out from you, you it it my understate the way I was hearing what you were saying is this clause makes it more difficult for you to market and sell, and I would like maybe if you could drill down a little bit on and talk to me about specifics why data minimization makes makes it so much harder.

[Molly Mahar (President, Ski Vermont)]: Well, just because we are limited in the data that we can collect and what we can do with that. So in the other version of the bill, as long as we're disclosing that to the the consumer, I worry about just being able to for example, somebody buys a lift ticket. Can I also talk to them about mountain biking in the summer maybe to be able to do some cross marketing? So I could probably I may not be able to answer it today, but I could get back to you with a better answer.

[Anthony "Tony" Micklus (Member)]: Right. And the whole reason, to Edye's point, is if there's a problem here, we want to fix it. And if that's an issue, yeah, let us know, because we can certainly change the language of the bill to accommodate for those types of things. Thank you.

[Emily Carris Duncan (Member)]: I'm curious to know if in relationship to the targeted advertising and things, if a Vermont company is coming from a state that has a stronger privacy regime, is that a market advantage potentially for some of the companies that you work with?

[Molly Mahar (President, Ski Vermont)]: Well, we certainly have ski areas that are owned by companies that are operating in states with stronger privacy laws. So they are complying. But I would argue that those companies have more resources as well. And we have some very small members as well. So we do think that privacy policy can be helpful for the reasons that the first witness was saying. I think that was Rep Priestley's question was, does that help businesses understand the parameters, I guess, and where they're operating. So that can be helpful. But I'm not sure I answered your question.

[Emily Carris Duncan (Member)]: Oh, no. I guess what I'm wondering is, from a business owner's perspective, do you think that there is, for the companies, I guess, in your organization that are already compliant, are they finding a market advantage for being known as having their data privacy and all that

[Michael Marcotte (Chair)]: stuff

[Emily Carris Duncan (Member)]: squared away as opposed to operators that don't necessarily

[Jonathan Cooper (Member)]: I like understand what you're saying, yes.

[Molly Mahar (President, Ski Vermont)]: Not that I'm aware of. I'm certainly Not that I've heard, I have not been aware of conversations like that so that consumers are, for example, choosing them because they think they have better data privacy. I'm not aware of that.

[Monique Priestley (Clerk)]: Yeah, thanks, Molly. I was just curious, just comparing the, I guess, question for comparing the Senate bill as it passed last year and then this version. I'm curious, I'm assuming that probably most, if not all of the ski resorts, I don't know, are having, for instance, skiers from Connecticut. Connecticut updated, so the version that passed the Senate is several years old at this point. And so we were building off of Framework that is Connecticut 2025, which includes things like updates to their data minimization thing that also has the disclosure. So it's not true minimization. And then has things like the threshold of zero for if you handle sensitive data. This year, they're looking at things like facial recognition that's expected to go through. And so I'm just curious, the justification for if we're trying to have businesses that are if they're already complying with Connecticut law, why we would go back to an outdated version of Connecticut as a base to start from, and if they're already complying and needing to.

[Molly Mahar (President, Ski Vermont)]: Well, I would say I have reviewed Connecticut twenty twenty five language, and I think we'd be willing to look at that. I'd like to go back and look at it again, but I think, from what I saw, it looked reasonable. So I think that's something that we entertain. Thank

[Jonathan Cooper (Member)]: you, Molly. It's been helpful. I've been trying to wrap my head around between and this is kind of what you were both just talking about. We have the version passed the Senate. Now we have this updated draft we're working off of. And so I'm going try to work through and really understand the differences, and then also understand the updated situation in Connecticut, law in Connecticut, and also then apply a national lens. And I think the committee shares the sentiment, but we're not interested in putting Vermont businesses at a disadvantage. And then just understanding the real practical specifics of here are the pain points, here are the places that we really need to address. So I guess I just want to kind of reiterate that. Because there's big picture stuff, but then there's also just really drilling down to language and specifics. And so any help you can provide with that, I think, would be most appreciated.

[Molly Mahar (President, Ski Vermont)]: We know words matter, right?

[Jonathan Cooper (Member)]: Right, they sure do. Sometimes more than we ever realized. Yes.

[Molly Mahar (President, Ski Vermont)]: Thank you. Questions from Molly?

[Michael Marcotte (Chair)]: Molly, you zeroed in on data minimization. Think talking about Connecticut in 2025, still with the opt out, still really isn't that If we were to adopt the California Scam, which is lot of businesses already know how to deal with that. That'd be more helpful than trying out new language that we have here.

[Molly Mahar (President, Ski Vermont)]: I would like the opportunity to go back and look at it, but I think aligning with something that exists out there and not have it be unique to Vermont is really important for businesses. As the first witness you heard from was saying, that is probably going to be a pain point for businesses in Vermont. If they have to take something that no one's dealt with before, it's going to be more expensive. And I think if we can align with something that exists, that will be more helpful. But I would need to go back and look at the specifics of California again.

[Michael Marcotte (Chair)]: And as you know, we've the house position has been very strong on a Friday night. And so we've taken that off the table. But by taking that off the table, you still want to make sure Vermonters are protected. So for us, better way of not a better way, but another way of doing what we want for Vermonters is data minimization. So if we have a stronger data minimization regime without the PRA, I think we can feel more comfortable. Still not Our goal was still not to curb the business community either. Emily?

[Emily Carris Duncan (Member)]: Something that we've also talked a little bit about is the landscape and ecosystem of the amount of data that's out there and the accuracy of that data. And the hope is, at least my hope is that we'll be able to craft blogs that can help bring us back towards more accuracy and less of that? Is that something that, the companies that you're working with, do they run into issues with inaccurate data? And how much in terms of resources are they spending having to keep data clean, I guess, as they were?

[Molly Mahar (President, Ski Vermont)]: I can't answer how much they're spending, but it is an issue for them. Yes, for sure. And it just seems like there needs to be more consumer education around these issues, too, at the same time. Hopefully, can have both of those things so that people can understand how they can use the tools and be aware of those things. Like, no, I don't want this app to track me across every website, known to man. Don't want that.

[Michael Marcotte (Chair)]: I think consumers need that upfront, not on page 100 of privacy explanations.

[Molly Mahar (President, Ski Vermont)]: Not saying that this is our job to do that necessarily, but it would be good if consumers knew more about it. Because as the first witness was saying, people are just not unaware of it.

[Michael Marcotte (Chair)]: I think it's consumer. I think it's business education too. Do you know if your members are using data, security,

[Molly Mahar (President, Ski Vermont)]: insurance, technology, cyber security. Yes. And even our association carries

[Michael Marcotte (Chair)]: a seems like it's cyber becoming more and more prevalent now. I know a number of years ago, they just started with it, but I think that's something else that we haven't really talked about. And how can a data privacy regime in The States be helpful for businesses to help keep their rates down, just like, you know, the work that we do on workers' comp to make sure, you know, that businesses keep their workers healthy and injury free, how that reduces the rates of workers' comp for the businesses themselves. I'm kind of thinking about that in that way, too. Yes, they do carry cyber insurance, for sure. Well,

[David "Dave" Bosch (Member)]: I'm curious to learn more about trends in the demographic of the individuals that ski association Which needs they meet? And are they becoming like, if we think back to who was coming to ski in Vermont thirty years ago, economically, demographically, like, how old are they? Are they more prosperous than they were a generation or two ago? And what are their expectations around levels of service? And do we consider, do they consider privacy a part? Do they have expectations of safety in the information they provide? And is that something that has come up in any way? Is there a sense of, is that part of the decision matrix? Is it simply reaching customers through analytics to make sure they know that there is it's the shoulders of the season are expanding, maybe they'd come back in summer? Or is it also is there a premium placed on, like, the the expectation of security, physical and cyber and virtual, let's say,

[Michael Marcotte (Chair)]: those who are

[David "Dave" Bosch (Member)]: choosing our state for family vacations, annual things, once in a lifetime things.

[Molly Mahar (President, Ski Vermont)]: I haven't heard that come up similar to a prior question. But I have not heard that that is a reason why consumers are choosing to do business with one ski area over another. I have not heard that. Or a specific state over another. But I think, as we were just saying, with more consumer education, you may see that happen.

[David "Dave" Bosch (Member)]: Of course, my question was, can we talk a bit about The Democrats. Yes. And particularly, I'm specifically interested in discretionary spending, household, and talking about prosperity, relative.

[Molly Mahar (President, Ski Vermont)]: I can't really speak to how they've changed over the years, but it tends to be a fairly affluent customer set. Not always across the board, but that's what we tend to see. In terms of specific, I think we're seeing probably sort of early 40s as kind of that average age. So that's been getting older. I do know that. In terms of household incomes, though, I can't really speak to how they've changed over the past fifteen years. But I think it's been, from the statistics that I've seen, fairly consistent.

[David "Dave" Bosch (Member)]: Not to you, Kirk, and I'm surprised that the data stuff would have brought to you.

[Molly Mahar (President, Ski Vermont)]: Well, the ski areas are definitely they are doing a lot more data work than our association is, for sure, because they have their own databases. We don't have vision to their databases. That's a good point that

[David "Dave" Bosch (Member)]: the association has a relationship with its constituents that is Thank you. That helps.

[Molly Mahar (President, Ski Vermont)]: Yeah. They're very protective of their data you know, their databases and their their customers. So that's not something that we have access to at all.

[Michael Marcotte (Chair)]: Yeah. At the same time, it's minimizing the amount of data that they need to collect is helpful for them as well. So they don't have to store as much, they don't have to protect as much. And their exposure is a lot less. Because a breach can be extremely expensive for any business, especially when you have to provide, know, generally it's a couple years of credit tracking, which is, you know, $160 per customer, which adds up very quickly when you have a huge database. Molly, thank you. Know I'm No,

[Jonathan Cooper (Member)]: it's okay. Unfortunately,

[Michael Marcotte (Chair)]: we have to switch because we have amendments to H327. So I know Justin, Marion's let him know that he will come back in first. Falco, if you can come back this afternoon after the floor, we'll take both of you and then continue on with our Does that work for you? Okay. And if not, then we'll certainly invite you back at another time if it doesn't work. Make the estimate. Estimated time on the floor is 02:45, so you should be back around three. Okay. Great.

[David "Dave" Bosch (Member)]: Thank you. I'm pulling right now.

[Michael Marcotte (Chair)]: If you'd like to join Yesterday, We have that on the for today. We might be back sooner. That's right. So the amendment, the Ways and Means Amendment, heard yesterday from It's posted to today's web page as well, and Rick will just kind of go over it with us to make sure we have a full understanding of it now with sharp bullet.

[Rick Sable (Office of Legislative Council)]: Good morning.

[Michael Marcotte (Chair)]: Good morning. Rick Sable with

[Rick Sable (Office of Legislative Council)]: the Office of Legislative Council. Bear with my screen. Okay. So looking at s three twenty seven, the economic development bill that will be on the floor today. I'm gonna share the ways and means amendments to the report of this committee. Appropriations did not have an amendment. So appropriations straw poll was thumbs up to the house commerce report. So we're looking at the method by the house commerce. I wasn't there for the vote. I'm not sure

[Michael Marcotte (Chair)]: how they voted on it. General audience. Yeah.

[Rick Sable (Office of Legislative Council)]: So this is the ways and means amendment. I was not there for the straw poll vote either, but I think it was pretty, if not unanimous, close

[Michael Marcotte (Chair)]: to that. And zero.

[Rick Sable (Office of Legislative Council)]: It's been a busy week, mister chair. We are looking at the ways and means amendment, And it's an instance of amendment. So the underlying bill that House Commerce reported out or the reported commerce stands with these proposed changes by Ways and Means. So no change. I'm gonna go through the House Commerce report. No change to the business growth study. That was section seven. No change to section eight. That's the convention center task force adding the member and the change to the meeting schedule and the report schedule. No change to the veggie sunset. It remains removed. So veggie sunset will be repealed. Section nine a is added. This is a new section. This is the veggie annual cap. This didn't come up in this committee, but in statute, there are limits to how many approvals of money Pepsi can make when it comes to veggie applicants. So that current limit is on the screen where they struck through language 15,000,000 is a cap on how many initial approvals they can make per annual basis, but then 10,000,000 final approvals. So the way I understand it is that the subdivision two, the 10,000,000 is the critical number. That that's the actual final amount that Pepsi can approve. So it's going from 10,000,000 annually to 5,000,000 annually. Pat Chittenden with JFO testified as to how often Pepsi hits that 5,000,000 over the past several years. It's not often. There may be some years where the cap would have been veggie applicants, but you are reducing the amount of money that Pepsi can approve on an annual basis from 10,000,000 to 5.

[Emily Carris Duncan (Member)]: Just to confirm.

[Michael Marcotte (Chair)]: Yep.

[Emily Carris Duncan (Member)]: There is the I can't remember my name of the board that

[Michael Marcotte (Chair)]: Is

[Emily Carris Duncan (Member)]: it the Pepsi Board? If they wanted to up that 5,000,000 for that year, it wouldn't be the Pepsi Board.

[Michael Marcotte (Chair)]: James, know, it's on fiscal committee to do that. We are out of session. And that's all

[Anthony "Tony" Micklus (Member)]: pretty quick. Like, if there was, like, a disaster or something like that. And

[Emily Carris Duncan (Member)]: if we're in session, that would be the backseat board, or would it be us? Or who would make that?

[Michael Marcotte (Chair)]: No. If we're in session and they wanna raise it, then they would come to

[Rick Sable (Office of Legislative Council)]: Well, so sub subsection b that.

[Michael Marcotte (Chair)]: Still have that.

[Rick Sable (Office of Legislative Council)]: So subsection b on the screen is not amended, but it says that the council, meaning, that's a can increase the cap from 5,000,000, supposedly, another 5 be 10 upon application by the governor and approval of the joint fiscal committee. So I don't think the legislature has to be out of session. Think joint fiscal can meet now if they wanted to.

[Emily Carris Duncan (Member)]: Yes. That's what we

[Rick Sable (Office of Legislative Council)]: Maybe procedurally, they don't. But in statute, there's not necessarily a restriction to my understanding. But That'll put

[Anthony "Tony" Micklus (Member)]: it right at where where it was. Yeah. And I I think and I don't think it ever

[Michael Marcotte (Chair)]: hit either of those numbers.

[Emily Carris Duncan (Member)]: No. Think that's a I think that's a nine.

[Rick Sable (Office of Legislative Council)]: You look at so if you look at Pat Chittenden's GFO fiscal note Yeah. From Ways and Means Committee, if you go to the website, you should be able to see that he posted how often the last ten years, what their annual spend has been approval.

[Herb Olson (Member)]: I think there were some from what Charles and Kenner Kimmel said. There were some years that it went up. Yes.

[Jonathan Cooper (Member)]: Last time was 2018, I think.

[Anthony "Tony" Micklus (Member)]: It seemed like it was the exception more than the rule. That's correct. I think they did.

[Michael Marcotte (Chair)]: '18 or '19. It's been down recently.

[Anthony "Tony" Micklus (Member)]: And anything between 2020 and 2023, just throw it out. No. So

[Michael Marcotte (Chair)]: and just a reminder to the committee that we have have jurisdiction on the policy issues. Ways and Means has the The issue for them is taxes, which we don't have jurisdiction over, and this is their jurisdiction, but you may want to have some conversations with them going forward about if the legislature is in session, then should the Joint Fiscal Committee be making a decision like that.

[Rick Sable (Office of Legislative Council)]: So no other changes to the annual cap. Okay. The second instance of amendment is in the rural industry grant program law that we committee amended. So subsection h is struck out. That was the retroactive application that was moved, so it's not gone. It's moved from statute to session law. And I will explain that in the third instance because this is where it led to. So, again, striking out, I can hear it. You know what? Let's let's do this. Let's look at what subsection h is. So by the way, this means no changes to the pilot or the post secondary education study from labor. So that was untouched by ways and means. Section 12, the rural industry grant program language subsection h from this committee. There it is. So you may remember, that a applicant that was already awarded this type of grant should be able to get their invoices paid at 50 instead of 20%. Right? That's something the committee determined. That's not changing. I'll show you here in a second. That was just in statute, and I thought about it, and I moved it to session law. So 12 c is new. The intent of 12 a and 12 b, that's striking out the session law of the program, 12 b is reinserting it, is to move the rural industry development grant program from its original placement in session law of the budget to title 10. Nothing new there. Just explaining what happened. The move is intended to increase the visibility of the program. Any person that was awarded a grant to the program before the effective date of the act shall, one, not have its award rescinded solely due to the program language being moved to title 10. Again, just clarifying where we're appealing a grant program, that doesn't mean the program's dead because it's being brought back in statute. But I do wanna make that clear. Two, if the award has not been fully paid out, be eligible to have the applicant's invoices that are submitted on or after the effective date, to the agency reimbursed at 50%. This is a subsection h where a previous grantee can have their invoices paid at a higher rates. But number three, again, this came from age, not be eligible for an increased total award amount. So, subsequently, no change. Just put it in session law because this is gonna not be a problem or something. And I don't want it to live in title time. Yeah. Staring at me for the rest of my time here. Okay. So that's it for the rural industry grant program. No no changes there. Fourth instance is a purely technical change. When I moved over some of this language from the nipple rounding to three twenty seven, I missed language that just clarifying the purpose of the act should be the purpose of section 13 b, which is the nickel rounding section. That's technical change. The fifth change is nontechnical, but it is not substantive. I'll explain what I mean here. In the nickel bill, this is the ways and means language. The language a person was previously a person or business. And I'll show you that here. So this is b one. This is house commerce, a person or business. This is ways and mean means a person engaged. So talking to my colleague Cameron and then talking to ways and means, a person in Vermont statute is defined as really any entity, including state government, which the intent of the report from commerce was that state government should be included. If the state government's d m DMV wants to round nickels, they should be able to. The discussion was, if you worded a person or business, is that confusing? And the thought was to be clear by using just person, which includes businesses, which includes the state, which includes sole proprietors. So someone that wants to round can do so using this mechanism. Not so that's my explanation. It's not substantive, but it is in some ways. No other change to the actual numbers here. So one a b, and I just replaced the entire subsection to make it easier to read. So but two, same thing if a person or business is now just a person. The sixth instance, we still still earn the nickel bill. The notice requirements here, you do have some substantive changes. K. Go to the house commerce version, subsection e. On or before 07/01/2026, the commissioner shall prepare and provide individuals and businesses with a model notice pursuant to the section that at minimum includes a reference to the Vermont Consumer Assistance Program. The notice provided by the commissioner shall be available for free. That last sentence really threw off ways of means. They didn't know they didn't think it was necessary. Didn't think it was really needed to be in statute. So kind of reframe the sentence a little bit. The commissioner shall shall still prepare and provide individuals and businesses with a model notice pursuant to the section That shall also include a reference to the Vermont Consumer Assistance Program. So it's a change. Two, this could change. House commerce, a person or business, so removing or business, rounding transactions under the section shall post the model notice developed pursuant to subdivision one of the subsection. A person rounding transactions, etcetera, etcetera, in a clear and conspicuous manner at the point of sale or at the interest of the business. This was in your bill that you were discussing when it got moved over to three twenty seven. That clear and conspicuous manner was, I think, inadvertently left off by me. So I recommended this go back because I think this this was your intention to include that requirements that it'd be at that language Did I reflect the committees? It was just my copy and pasting didn't quite make it all. Three, I don't think there

[Michael Marcotte (Chair)]: are changes. That's good. Change to three.

[Rick Sable (Office of Legislative Council)]: Ignore the highlighting. This is ways it means highlighting. In the seventh instance, this is C PACE 14 a. Subsection a was the 01/01/2027 beginning date. There was discussion about that, and Ways and Means decided that it should take effect immediately.

[Michael Marcotte (Chair)]: And I think we I think we said that that the effective date would be on passive. Right?

[Rick Sable (Office of Legislative Council)]: So, yeah, the the the language in the this here, the sentence, highlight it. This sentence is struck. So it takes a bit of passage, and then you can issue the agreement as soon as you want. So another instance amendment adding subsection j to C PACE. And this was kinda over my head because the whole education fund tax liability, there was debate about that. So my colleague, Kirby, the tax attorney, drafted this language, which says this section in C PACE shall not be construed to affect a taxpayer's liability or municipality's responsibility for payment under 32 VSA fifty four zero two. There's some this is like bills and suspenders. I think the committee was considered what's concerned that this is affecting the Ed Fund, is there some other so no no substantive change here. Just, I think, clarifying that we don't want any indirect effects to funds that aren't meant for this purpose.

[Michael Marcotte (Chair)]: Yes.

[Rick Sable (Office of Legislative Council)]: Okay. And then nine is just drafting style stuff that I fixed. No other nothing was deleted that had anything in it. I'm creating sections and then deleting those sections.

[Michael Marcotte (Chair)]: Again, I I

[Rick Sable (Office of Legislative Council)]: came in the committee at the last second and and moved stuff in without having it edited, and that's what happens.

[Bill Calfee (Founder, Mighty.com)]: Your attorney will let you do your

[Rick Sable (Office of Legislative Council)]: account things. You have to trust me that I'm not hiding anything in sections 10 through 14. It's because if you wanna know, I created section 10 a without a 10. So drafting can't do that. I'm like, okay. So we now have a 10 that's just deleted. And but we have a 10 a and 10 b that has substance. So in case you all wanna know how sausage is made. Wow. Yes. Same thing with twelve, thirteen, 14. I didn't do an a or I didn't do a 13. I did a 13 a without a 13.

[Anthony "Tony" Micklus (Member)]: I mean, this is a rabbit hole

[Michael Marcotte (Chair)]: I could go down for hours.

[Rick Sable (Office of Legislative Council)]: I'll send you the draft manual.

[Michael Marcotte (Chair)]: We can we can do that. Depends on how hungry you are. Had enough. Page one. Any questions for Rick? Okay. So everyone in favor report favorably on the House Ways and Means Committee amendment to h three twenty seven, raise your hand. All opposed? Ten zero one, I

[Jonathan Cooper (Member)]: Nine zero two.

[Michael Marcotte (Chair)]: That's right. Kirk. Kirk, did you want are you on? Did you wanna raise your hand? He's raising his hand. Alright. There was. I thought you were there.

[Rick Sable (Office of Legislative Council)]: I am.

[Michael Marcotte (Chair)]: Okay, committee. We're on the floor at one. So 03:27 is up for action this afternoon. Be there this Fort Abbey, and we'll back in here after four to take more testimony at seventy one. So I think we can go to lunch.

Vermont Legislature SmartTranscripts:

House Commerce - 2026-04-30 - 10:25AM

Meetings

Transcript: Select text below to play or share a clip

Meetings

Transcript: Select text below to play or share a clip

Share