New Connecticut Law Regarding Data Security/Destruction and Social Security Numbers

11 September 2008 Publication

Legal News Alert: Privacy, Security & Information Management

Connecticut passed a law that appears to go into effect on October 1, 2008. The first portion of the law requires any person who possesses personal information of another person to safeguard the data, computer files and documents containing the information from misuse by third parties, and destroy, erase or make unreadable such data, computer files and documents prior to disposal. Under this law, “personal information" means information capable of being associated with a particular individual through one or more identifiers, including, but not limited to, a Social Security number, a driver's license number, a state identification card number, an account number, a credit or debit card number, a passport number, an alien registration number or a health insurance identification number, and does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.

Connecticut also amended its Social Security number law and now requires any person who collects Social Security numbers in the course of business shall create a privacy protection policy that must be published or publicly displayed in some form including, but not limited to, posting on an Internet Web page. The policy must protect the confidentiality of Social Security numbers, prohibit unlawful disclosure of Social Security numbers, and limit access to Social Security numbers. Civil remedies do exist, though there appear to be limits on private rights of actions for certain businesses that hold licenses, registrations, or certificates from a state agency other than the Department of Consumer Protection. 

Legal News Alert is part of our ongoing commitment to providing up-to-the-minute information about pressing concerns or industry issues affecting our clients and our colleagues. If you have any questions about this alert or would like to discuss this topic further, please contact your Foley attorney or the following individual:

Andrew B. Serwin
Chair, Privacy, Security & Information Management Practice