The proposed legislation, General Assembly Raised Bill No. 5210, aims to establish new data security requirements for certain financial institutions in Connecticut, effective October 1, 2026. The bill repeals and replaces Section 36a-44a of the general statutes, introducing new provisions that require financial institutions—including banks, credit unions, and out-of-state entities with a presence in Connecticut—to adopt a written program that outlines standards for developing, implementing, and maintaining reasonable data security safeguards. Additionally, these institutions must comply with the Gramm-Leach-Bliley Financial Modernization Act of 1999 and its regulations, ensuring that customer information is protected.

Furthermore, the bill mandates that any licensee maintaining customer information for consumers in Connecticut must adhere to the applicable provisions of 16 CFR Part 314. It also requires that these institutions file a written report with the Department of Banking within three business days of any data security incident that affects their business operations or involves unauthorized access to consumer personal information. The bill emphasizes the importance of customer protection, stating that in cases of inconsistency with existing laws, the provisions offering greater protection to customers will prevail.

Statutes affected:
Raised Bill: