CT HB05346

Commissioner of Public Health must develop and implement a confidentiality pledge for department employees by October 1, 2016, with all employees signing by January 1, 2017, outlining responsibilities and consequences for misuse of confidential information.

Commissioner of Public Health must develop internal policies by December 1, 2016 to protect confidential information from breaches, including processes to identify vulnerabilities, detect breaches, classify severity, contain disclosure, document incidents, and notify affected parties.

Commissioner of Consumer Protection must develop and implement an identical confidentiality pledge for department employees by October 1, 2016, with the same January 1, 2017 signing deadline.

Commissioner of Consumer Protection must develop internal breach protection policies by December 1, 2016 with the same requirements as the Public Health Department, and submit a copy to the relevant legislative committee by December 31, 2016.

Defines "confidential information breach" as unauthorized access to unencrypted confidential information, unauthorized third-party access to encrypted information with decryption keys, or instances creating substantial risk of identity theft or fraud.