Senate Bill: 650
Connecticut General Statute: §36a-701b
Effective Date: January 1, 2006
Definition of Personal Information: An individual's first name or first initial and last name in combination with any one, or more, of the following data:
(a) Social security number;
(b) Driver's license number or state Identification Card number; and
(c) Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.
Summary: Any person who conducts business in this state, and who, in the ordinary course of such person's business, owns, licenses or maintains computerized data that includes personal information, shall disclose any breach of security following the discovery of the breach to any resident of this state whose personal information was, or is reasonably believed to have been, accessed by an unauthorized person through such breach of security. Such disclosure shall be made without unreasonable delay, subject to the completion of an investigation by such person to determine the nature and scope of the incident, to identify the individuals affected, or to restore the reasonable integrity of the data system. Such notification shall not be required if, after an appropriate investigation and consultation with relevant federal, state and local agencies responsible for law enforcement, the person reasonably determines that the breach will not likely result in harm to the individuals whose personal information has been acquired and accessed.
Visit the State Web site