|An Act Requiring Consumer Credit Bureaus to Offer Security Freezes|
|CITATION||Conn. Gen. Stat. 36a-701(b)|
|SUMMARY||Any person who conducts business in Connecticut and who, in the ordinary course of such person's business, owns, licenses or maintains computerized data that includes personal information, must disclose any breach of security following the discovery of the breach to any resident of this state whose personal information was, or is reasonably believed to have been, accessed by an unauthorized person through such breach of security. Such disclosure shall be made without unreasonable delay, subject to the completion of an investigation by such person to determine the nature and scope of the incident, to identify the individuals affected, or to restore the reasonable integrity of the data system. Such notification shall not be required if, after an appropriate investigation and consultation with relevant federal, state and local agencies responsible for law enforcement, the person reasonably determines that the breach will not likely result in harm to the individuals whose personal information has been acquired and accessed.|
Definition of Personal Information: An individual's first name or first initial and last name in combination with any one, or more, of the following data:
Excludes data that is redacted or secured by other methods rendering data unreadable or unusable from notification obligations.
|INDUSTRY||Any person that conducts business in Connecticut and owns or licenses computerized data that includes personal information or maintains such data.|
|PENALTIES||A breach is an “unfair trade practice” which is enforced by the Attorney General. A defendant can be held liable for damages awarded in a private civil action may be in the amount of actual damages sustained, five hundred dollars, or three times the amount of actual damages sustained, whichever is greater. In such cases, it should be established by clear and convincing evidence that the other party engaged in bad faith conduct.|