|
Data Protection required in Connecticut |
The issue of Data Proteciton and the methods required to protect personally identifiable information is woefully unregulated, allowing businesses to treat personal information however they desire.
Connecticut has enacted a law that requires business to safeguard personal information. Connecticut businesses and individuals will be subject to civil fines of up to $500,000 for an intentional failure to safeguard personal information, maintained in paper or electronic form, under a bill (H.B. 5658) signed June 10 by Gov. M. Jodi Rell (R).
The new law, which takes effect Oct. 1, would not impose fines for negligent or unintentional failures, and does not apply to public entities.
Personal information is defined under the law as "information capable of being associated with a particular individual," including, but not limited to, an individual's Social Security, driver's license or state identification card, financial account, debit or credit card, passport or alien registration, or health insurance account number.
The law will be enforced by the state regulatory agency that licensed the relevant business. The state Department of Consumer Protection will enforce the law for all other businesses. The $500,000 civil penalty is applicable not only for a willful failure to safeguard personal data, but also for intentional failures by businesses to properly dispose of such data, and also applies to the SSN use restrictions of the new law.
Protect people's information! |
