Connecticut Seal

Substitute Senate Bill No. 566

Public Act No. 06-50

AN ACT CONCERNING ELECTRONIC MAIL MESSAGE PHISHING.

Be it enacted by the Senate and House of Representatives in General Assembly convened:

Section 1. (NEW) (Effective October 1, 2006) (a) For purposes of this section:

(1) "Electronic mail message" means a message sent to a unique destination that consists of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which such message can be sent or delivered.

(2) "Identifying information" means specific details that can be used to access a person's financial accounts or to obtain goods or services, including, but not limited to, such person's Social Security number, driver's license number, bank account number, credit or debit card number, personal identification number, automated or electronic signature, unique biometric data or account password.

(b) No person shall, by means of an Internet web page, electronic mail message or otherwise using the Internet, solicit, request or take any action to induce another person to provide identifying information by representing that the person, either directly or by implication, is an on-line Internet business, without the authority or approval of such on-line Internet business.

(c) The Attorney General or any person aggrieved by a violation of subsection (b) of this section may file a civil action in superior court to enforce the provisions of this section and to enjoin further violations of this section. The Attorney General or such aggrieved person may recover actual damages or twenty-five thousand dollars, whichever is greater, for each violation of subsection (b) of this section.

(d) In a civil action under subsection (c) of this section, the court may increase the damage award to an amount equal to not more than three times the award provided in said subsection (c) if the court determines that the defendant has engaged in a pattern and practice of violating subsection (b) of this section.

(e) An interactive computer service provider shall not be held liable or found in violation of this section for identifying, removing or disabling access to an Internet web page or other on-line location that such provider believes in good faith is being used to engage in a violation of this section.

(f) A violation of subsection (b) of this section shall be a class D felony. Multiple violations resulting from a single action or act shall constitute one violation for the purposes of this subsection.

Approved May 8, 2006