CT SB00589

Requires insurers, banking organizations, data brokers, and health care entities licensed in Connecticut to implement encryption technology for personal information by July 1, 2016, with updates as necessary and practicable.

Mandates written notification to affected individuals within seven days of discovering unauthorized access to their personal information.

Requires entities to provide at least two years of free identity theft monitoring and protection services to persons whose personal information was accessed without authorization.

Defines "personal information" as an individual's name combined with Social Security number, driver's license number, state ID number, home address, or health information, excluding publicly available government records.

Authorizes the Insurance Commissioner to adopt regulations in consultation with the Commissioner of Consumer Protection to establish minimum standards for encryption security technology.