CT HB05427

Requires any person conducting business in Connecticut who owns, licenses, or maintains computerized data containing personal information to notify the Attorney General immediately upon discovery of a security breach.

Defines "breach of security" as unauthorized access to electronic files or databases containing personal information that is not secured by encryption or other protective technology.

Requires notification to affected Connecticut residents without unreasonable delay, unless investigation determines the breach will not likely result in harm, with possible delays only if law enforcement requests it for criminal investigation purposes.

Permits notification through written notice, telephone, electronic notice, or substitute notice (email, website posting, or media notification) if costs exceed $250,000 or affect more than 500,000 persons.

Establishes non-compliance as an unfair trade practice enforceable by the Attorney General, effective October 1, 2012.