Requires a broadband internet access service provider to: (1) Notify its customers of its privacy policies;

(2) Provide existing customers with advance notice of one or more material changes to the carrier's privacy policies;

(3) Obtain opt-out approval from a customer to use, disclose, or permit access to the customer's nonsensitive customer proprietary information; and

(4) Take reasonable measures to protect customer personal information from unauthorized use, disclosure, or access.

Requires the office of the attorney general, in consultation with the utilities and transportation commission, the office of data and privacy protection, and the department of commerce, to review and analyze additional opportunities to increase consumer privacy transparency, control, and protection.

Creates the consumer privacy and security account.