Loading chat...
CT HB05310
Bill
Status
Passed
6/16/2021
Primary Sponsor
General Law Committee
Click for details
AI Summary
- Reduces the deadline for notifying Connecticut residents of a data security breach from 90 days to 60 days after discovery, and requires good-faith notification of additionally identified residents as expediently as possible after that window
- Expands the definition of "personal information" to include taxpayer identification numbers, IRS identity protection PINs, passport numbers, military IDs, medical information, health insurance identifiers, and biometric data (e.g., fingerprints, voice prints, retina or iris images)
- Adds a new category of protected personal information: user names or email addresses combined with passwords or security questions that permit access to online accounts
- Requires entities whose breach involves Social Security numbers or taxpayer identification numbers to offer affected residents free identity theft prevention and, if applicable, mitigation services for at least 24 months, including credit freeze information
- Entities subject to HIPAA and HITECH are deemed compliant with the act, provided they still notify the Connecticut Attorney General and offer required identity theft services; noncompliance constitutes an unfair trade practice enforceable by the Attorney General
Legislative Description
An Act Concerning Data Privacy Breaches.
Last Action
Signed by the Governor
6/16/2021
Committee Referrals
Government Administration and Elections4/8/2021
General Law1/22/2021
Full Bill Text
No bill text available