Following a series of data security breaches involving the loss of record amounts of personal information, including one bank's reported loss of up to 10 unencrypted tapes containing names and Social Security numbers, the Connecticut legislature passed Connecticut Public Act No. 08-167 (House Bill No. 5658) . Effective on October 1, 2008, the law requires any individual or business having possession of "Personal Information" of another person to (a) safeguard such data, computer files and documents containing the information from misuse by third parties, and (b) destroy, erase or make unreadable such data, computer files and documents prior to its disposal. Insurers and other financial services firms must comply if they have customers or do business in Connecticut; being physically located in Connecticut is not a prerequisite for compliance.

To read the Client Alert, click here.