On June 16, 2021, an Act Concerning Data Privacy Breaches was signed by the Connecticut State Governor and will take effect on 1 October 2021.

 

Key Features of the Act:

  • Definition of personal information has been modified to include additional categories of sensitive information;

“Personal Information” means an individual’s  first name or first initial and last name in combination with any one, or more, of the following data:

    1. Social Security number;
    2. taxpayer identification number;
    3. identity protection personal identification number issued by the Internal Revenue Service;
    4. driver’s license number,[or]state identification card number;
    5. passport number, military identification number or other identification number issued by the government that is commonly used to verify identity;
    6. credit or debit card number;
    7. financial account number in combination with any required security code, access code or password that would permit access to such financial account;
    8. medical information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;
    9. health insurance policy number or subscriber identification number, or any unique identifier used by a health insurer to identify the individual; or
    10. biometric information consisting of data generated by electronic measurements of an individual’s unique physical characteristics used to authenticate or ascertain the individual’s identity, such as a fingerprint, voice print, retina or iris image; or (B) user name or electronic mail address, in combination with a password or security question and answer that would permit access to an online account.

‘Personal information’ does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.

  • Time period to notify consumers and the Attorney General (‘AG’) of a security breach from has been reduced from 90 to 60 days; and
  • Confidentiality for material obtained by the AG through Civil Investigative Demands has been provided.

 

Read the Bill HERE

Join the discussion

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.