PA 06-50—sSB 566

General Law Committee

Judiciary Committee

AN ACT CONCERNING ELECTRONIC MAIL MESSAGE PHISHING

SUMMARY: This act prohibits using the Internet or an e-mail message to solicit or induce anyone to provide identifying information by pretending to be an on-line Internet business without the business's authorization.

It authorizes the attorney general or anyone aggrieved by a violation to sue to enforce it and restrain further violations. The court may award actual damages or $25,000, whichever is greater, for each violation. It may triple the damage award if it determines that the defendant has engaged in a pattern and practice of violations.

A violation is also a class D felony (see Table on Penalties). Multiple violations committed in the course of a single act constitute a single violation for purposes of the criminal penalty.

Under the act, an Internet service provider is not liable for identifying, removing, or disabling access to a web page or other on-line location that it believes in good faith is being used to violate the prohibition.

EFFECTIVE DATE: October 1, 2006

DEFINITIONS

E-Mail Messages

The act defines “e-mail message” as a message sent to a unique destination consisting of a unique user name or mailbox and a reference to an Internet domain, whether or not displayed, to which the message can be sent.

Identifying Information

The act defines “identifying information” as specific details that can be used to access a person's financial accounts or to obtain goods or services. It can include a Social Security, driver's license, bank account, credit or debit card, or personal identification number; automated or electronic signature; unique biometric data; or account password.

OLR Tracking: DD: SS: JL: ts