US-Connecticut | Breach notification law enters into effect from October 01, 2021

The Act concerning Data Privacy Breaches was signed by the Connecticut State Governor on 16 June 2021 and entered into effect on 1 October 2021.

Key Highlights of the Act

  • The definition of personal information has been broadened to include additional categories of sensitive information. The definition includes:

“personal information” means an individual’s

A. first name or first initial and last name in combination with any one, or more, of the following data:  

(i) Social Security number;  

(ii) taxpayer identification number;

(iii) identity protection personal identification number issued by the Internal Revenue Service;

(iv) driver’s license number, state identification card number, passport number, military identification number or other identification number issued by the government that is commonly used to verify identity;

(v) credit or debit card number;

(vi) financial account number in combination with any required security code, access code or password that would permit access to such financial account;

(vii) medical information regarding an individual’s medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional;

(viii) health insurance policy number or subscriber identification number, or any unique identifier used by a health insurer to identify the individual; or

(ix) biometric information consisting of data generated by electronic measurements of an individual’s unique physical characteristics used to authenticate or ascertain the individual’s identity, such as a fingerprint, voice print, retina or iris image; or

B. user name or electronic mail address, in combination with a password or security question and answer that would permit access to an online account.

  • The time period to notify consumers and the Attorney General (‘AG’) of a security breach has been shortened from 90 to 60 days; and
  • Confidentiality is provided for material obtained by the AG through Civil Investigative Demands.
