House Bill No. 5208, also known as Public Act No. 26-51, updates data security regulations for financial institutions in Connecticut, effective October 1, 2026. The bill introduces definitions for terms such as "data security incident," "financial institution," and "personal information," and mandates that all financial institutions, including banks and credit unions, implement a written program to establish reasonable data security safeguards. Institutions are required to notify the Department of Banking within three business days of any data security incident that may affect their operations or customer information. The bill also repeals and replaces existing language in Section 36a-44a to streamline compliance with federal regulations. Additionally, it requires the Department of Banking to study payroll processing methods and the time for payroll checks to clear, with a report due by January 1, 2027, and establishes a working group to study consumer fraud and protections, with findings due by the same date.

The bill also amends existing laws regarding flood damage notifications for mortgage loan applicants. It clarifies that flood damage can occur outside designated flood zones and encourages applicants to consult licensed insurance professionals about flood insurance. The notice requirements for mortgage loan applicants are modified, changing the subsection designation from (b) to (c) and updating the previous subsection (a) to (b). The revised notice must be written in plain language, signed and dated by the applicant to confirm receipt, and provided at specific times based on the type of mortgage loan. For open-end lines of credit or home equity loans, the notice must be given by the closing date, while for other loans, it must be provided at least ten days before closing. Creditors are also required to maintain a copy of this notice with the applicant's mortgage records.

Statutes affected:
File No. 728:
Public Act No. 26-51: