Connecticut data breach notification act

Connecticut SB 650 of 2006 requires that any person who conducts business in this state, and who, in the ordinary course of such person’s business, owns, licenses or maintains computerized data that includes personal information, shall provide notice of any breach of security, following the discovery of the breach, to any resident of this state whose personal information was breached or is reasonably believed to have been breached. Such notice shall be made without unreasonable delay but not later than ninety days after the discovery of such breach. The policy detects combinations of Personally Identifiable Information (PII) like social security, credit card, and driver’s license numbers. The rules for this policy are:

• Connecticut Data Breach Notification Act: Name and SSN
• Connecticut Data Breach Notification Act: Name and DL
• Connecticut Data Breach Notification Act: Name and CCN
• Connecticut Data Breach Notification Act: Name and Password (Wide)
• Connecticut Data Breach Notification Act: Name and Password (Default)
• Connecticut Data Breach Notification Act: Name and Password (Narrow)
• Connecticut Data Breach Notification Act: Password Dissemination for HTTP Traffic (Wide)
• Connecticut Data Breach Notification Act: Password Dissemination for HTTP Traffic (Default)
• Connecticut Data Breach Notification Act: Password Dissemination for HTTP Traffic (Narrow)
• Connecticut Data Breach Notification Act: Account and Password