Gary Winfield


Gary Winfield



June 3, 2017

Senate Majority Leader Duff and Senator Winfield Lead Passage of Bill Strengthening Connecticut’s Consumer Data Security Laws

In the wake of President Donald Trump’s and Congressional Republicans action repealing a Federal Communications Commission (FCC) privacy rule adopted last October requiring Internet Service Providers to get customers’ permission to use and share, the Connecticut Senate is gave unanimous passage today to a bill that will strengthen its consumer data privacy laws. The Obama-era rule also required ISPs to adopt security practices to help prevent large-scale data breaches, and to notify users, the FCC and the FBI in case of a major hack.

“The Republican rollback of FCC privacy rules is deeply troubling,” said Senate Majority Leader Bob Duff (D-Norwalk). “That’s why the Connecticut Senate is leading the way to strengthen our data privacy laws so that consumers will be alerted in the event of a data breach and will receive protections in the event their personal information is exposed. The legislation will bring together experts in the field to ensure that Connecticut is a national leader when it comes to protecting consumers.”

“As data breaching through hacking and other methods continues to be a rising trend, it’s important that we put legislation in place to protect consumers. This bill will help ensure that credit card customers are better informed when someone gains unauthorized access to their sensitive information and further help reduce their risk of identity theft,” Senator Gary Winfield (D-New Haven) said.

Senate Bill 974 improves Connecticut’s existing data breach notification laws by expanding instances when customers must be notified if their data has been stolen to include all records, not just “computerized” and “electronic.”

If there is a data breach, current law requires the company to provide affected customers identity theft protection services and identity theft mitigation services for at least 12 months. This bill changes it to 24 months—more in line with standards across the country.

Additionally, the legislation establishes a working group to study:

  • Broadband Internet access service consumer data privacy
  • Industry standards regarding the protection of consumer data
  • The definitions of “sensitive” vs. “nonsensitive” customer personal information
  • Methods of customer notification regarding data privacy
  • Methods of enforcement

Members of the working group include:

  • Attorney General
  • Office of Consumer Counsel
  • Commerce committee member
  • Energy committee member
  • Representative of a nonprofit with expertise in data privacy
  • Representative of a nonprofit with expertise in data privacy
  • Member of the broadband service industry
  • Attorney with consumer privacy expertise