Substitute Bill No. 117 seeks to enhance the legal framework surrounding breaches of security involving electronic personal information. It introduces new definitions, such as "Breach of security," which refers to unauthorized access to unencrypted personal data, and "Massive breach of security," defined as incidents affecting at least 100,000 residents. The bill expands the definition of "Personal information" to include sensitive data like Social Security numbers and biometric data, while excluding publicly available information. It also outlines the responsibilities of data owners in the event of a breach, mandating timely notification to affected residents and the Attorney General, and allowing for various notification methods.
The bill further stipulates that entities must engage a third-party expert for forensic examinations following unauthorized access and submit detailed reports to the Attorney General. Failure to comply with these requirements may result in civil penalties of up to $250,000, with consideration given to the size of the offending entity. Additionally, the bill ensures that forensic reports remain confidential and establishes that non-compliance will be treated as an unfair trade practice. The act is set to take effect on October 1, 2026, and amends section 36a-701b. It also allows for electronic notifications, and for alternative methods if verification of receipt is not possible.
Statutes affected: Raised Bill:
GL Joint Favorable Substitute:
File No. 340:
JUD Joint Favorable: