Section 42-471 - Safeguarding of personal information. Social Security numbers. Privacy protection policy. Civil penalties. Unfair trade practice(a) Any person in possession of personal information of another person shall safeguard the data, computer files and documents containing the information from misuse by third parties, and shall destroy, erase or make unreadable such data, computer files and documents prior to disposal.(b) Any person who collects Social Security numbers in the course of business shall create a privacy protection policy which shall be published or publicly displayed. For purposes of this subsection, "publicly displayed" includes, but is not limited to, posting on an Internet web page. Such policy shall: (1) Protect the confidentiality of Social Security numbers,(2) prohibit unlawful disclosure of Social Security numbers, and(3) limit access to Social Security numbers.(c) As used in this section, (1) "personal information" means information capable of being associated with a particular individual through one or more identifiers, including, but not limited to, a Social Security number, a driver's license number, a state identification card number, an account number, a credit or debit card number, a passport number, an alien registration number, a health insurance identification number or any military identification information, and does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media, and (2) "military identification information" means information identifying a person as a member of the armed forces, as defined in section 27-103, or a veteran, as defined in said section, including, but not limited to, a selective service number, military identification number, discharge document, military identification card or military retiree identification card.(d)(1) Except as provided in subdivision (2) of this subsection, for persons who hold a license, registration or certificate issued by, or a charter subject to the supervision of, a state agency other than the Department of Consumer Protection, this section shall be enforceable only by such other state agency pursuant to such other state agency's existing statutory and regulatory authority.(2) The provisions of subdivision (1) of this subsection shall not apply to actions undertaken by the Attorney General.(e)(1) A violation of this section shall constitute an unfair trade practice under subsection (a) of section 42-110b, provided the provisions of section 42-110g shall not apply to such violation. Nothing in this section shall be construed to create a private right of action.(2) In the event of a violation of this section, the Department of Consumer Protection may conduct an administrative hearing, in accordance with chapter 54, and impose a civil penalty of not more than five thousand dollars per violation.(f) The provisions of this section shall not apply to any agency or political subdivision of the state.(g) If a financial institution has adopted safeguards that comply with the standards established pursuant to Section 501(b) of the Gramm-Leach-Bliley Act of 1999, 15 USC 6801, then such compliance shall constitute compliance with the provisions of this section.(h) Any civil penalties received pursuant to this section may be deposited into the privacy protection guaranty and enforcement account established pursuant to section 42-472a.Conn. Gen. Stat. § 42-471
( P.A. 08-167 , S. 1 ; P.A. 09-71 , S. 1 ; 09-239 , S. 13 ; P.A. 17-137 , S. 1 .)
Amended by P.A. 23-0099,S. 32 of the Connecticut Acts of the 2023 Regular Session, eff. 7/1/2023.Amended by P.A. 23-0098, S. 5 of the Connecticut Acts of the 2023 Regular Session, eff. 7/1/2023.Amended by P.A. 17-0137, S. 1 of the Connecticut Acts of the 2017 Regular Session, eff. 10/1/2017.Amended by P.A. 09-0239, S. 13 of the the 2009 Regular Session, eff. 7/9/2009.Amended by P.A. 09-0071, S. 1 of the the 2009 Regular Session, eff. 10/1/2009.