McAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Business HomeProducts & SolutionsData ProtectionUS & Global Data Protection LawsSecurity Breach Notification Laws

Connecticut

An Act Requiring Consumer Credit Bureaus to Offer Security Freezes
CITATION Conn. Gen. Stat. 36a-701(b)
ENACTED 2005
SUMMARY Any person who conducts business in Connecticut and who, in the ordinary course of such person's business, owns, licenses or maintains computerized data that includes personal information, must disclose any breach of security following the discovery of the breach to any resident of this state whose personal information was, or is reasonably believed to have been, accessed by an unauthorized person through such breach of security. Such disclosure shall be made without unreasonable delay, subject to the completion of an investigation by such person to determine the nature and scope of the incident, to identify the individuals affected, or to restore the reasonable integrity of the data system. Such notification shall not be required if, after an appropriate investigation and consultation with relevant federal, state and local agencies responsible for law enforcement, the person reasonably determines that the breach will not likely result in harm to the individuals whose personal information has been acquired and accessed.
DATA COVERED

Definition of Personal Information: An individual's first name or first initial and last name in combination with any one, or more, of the following data:

  1. Social Security number;
  2. Driver's license number or state Identification Card number; and
  3. Account number, credit or debit card number, in combination with any required security code, access code, or password that would permit access to an individual's financial account.

Excludes data that is redacted or secured by other methods rendering data unreadable or unusable from notification obligations.
INDUSTRY Any person that conducts business in Connecticut and owns or licenses computerized data that includes personal information or maintains such data.
PENALTIES A breach is an “unfair trade practice” which is enforced by the Attorney General. A defendant can be held liable for damages awarded in a private civil action may be in the amount of actual damages sustained, five hundred dollars, or three times the amount of actual damages sustained, whichever is greater. In such cases, it should be established by clear and convincing evidence that the other party engaged in bad faith conduct.
United States - English