September 19, 2021

Volume XI, Number 262

Advertisement

September 17, 2021

Subscribe to Latest Legal News and Analysis

September 16, 2021

Subscribe to Latest Legal News and Analysis
Advertisement

Connecticut Legislature Responds to Proliferation of Data Breaches

On June 4, 2018, the Governor signed into law Public Act 18-90, An Act Concerning Security Freezes on Credit Reports, Identity Theft Prevention Services and Regulations of Credit Rating Agencies (the “Act”), likely in reaction to the Equifax breach among many others.  The title of the Act leaves little to the imagination as to its subject matter.

This Act, designed to protect consumers, contains a number of protections for consumers with regard to credit agencies.  First, it eliminates the fee consumers must pay to credit agencies to place and remove credit freezes.  Second, while the credit agencies previously had to act on these requests no later than five days for a credit freeze and three days for the removal of a credit freeze, now, the credit agencies must act on them as soon as practicable, but no later than those time frames.   Third, when a consumer requests a credit freeze, the credit agency must offer to notify the other credit agencies on the consumer’s behalf.  Fourth, credit agencies cannot require a consumer to enter into any sort of agreement limiting claims he/she may have against the credit agency, as a condition of placing a security freeze.

Next, the Act requires that in the event of a breach that involves Social Security Numbers, businesses must provide identity theft protection to consumers for a period of twenty-four months rather than twelve months.  Anecdotally, this has been the practice of the Connecticut AG office; however, now the legislature codified it as law.  Staying on the topic of breaches, the Act also contains a mandate to the Banking Commissioner to adopt regulations that require credit agencies to provide a dedicated point of contact following a data breach and report certain financial information associated with identity theft protection and mitigation services.

Lastly, the Act contains certain restrictions on employers as to when they can require an employee to undergo a credit check.

© Copyright 2021 Murtha CullinaNational Law Review, Volume VIII, Number 156
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

Daniel Kagan, Murtha Cullina, health care attorney, regulatory compliance lawyer, reimbursement issue legal counsel
Associate

Mr. Kagan is an associate in the Health Care Group of Murtha Cullina.  He represents hospitals, physicians and other health care clients with a wide range of regulatory, compliance, risk management and reimbursement issues.

Prior to joining Murtha Cullina, Mr. Kagan clerked for the Honorable Lubbie Harper, Jr. and the Honorable Joseph H. Pellegrino of the Connecticut Appellate Court. 

Mr. Kagan received his J.D. with honors from the University of Connecticut Law School where he was a Notes and Comments Editor ...

203-772-7726
Advertisement
Advertisement
Advertisement