AN ACT CONCERNING THE PRIVACY OF TELEPHONE RECORDS.

Be it enacted by the Senate and House of Representatives in General Assembly convened:

Section 1. (NEW) (Effective October 1, 2006) As used in sections 2 and 3 of this act:

(1) "Individually identifiable consumer information" means any information that identifies a particular consumer including name, address, telephone number, calling history and activity, billing records and unlisted telephone numbers; and

(2) "Telecommunications company" shall have the same meaning as provided in subsection (a) of section 16-1 of the 2006 supplement to the general statutes.

Sec. 2. (NEW) (Effective October 1, 2006) Except as provided in 47 USC 222(d) or as otherwise authorized by law, no telecommunications company shall disclose any individually identifiable consumer information unless the consumer has provided written authorization for such disclosure that is separate from any other document and contains in clear, conspicuous type the following notice: "INDIVIDUALLY IDENTIFIABLE CONSUMER INFORMATION MAY BE USED TO STEAL YOUR IDENTITY. SIGNING THIS DOCUMENT ALLOWS THE TELECOMMUNICATIONS COMPANY TO DISCLOSE INDIVIDUALLY IDENTIFIABLE CONSUMER INFORMATION TO OTHERS. YOU DO NOT NEED TO SIGN THIS AUTHORIZATION IN ORDER TO RECEIVE TELECOMMUNICATIONS SERVICES".

Sec. 3. (NEW) (Effective October 1, 2006) (a) Each telecommunications company shall maintain reasonable procedures to prohibit unauthorized disclosure of or illegal access to individually identifiable consumer information including, but not limited to, the offering of personal identification numbers and other procedures for consumers to protect the confidentiality of their individually identifiable consumer information.

(b) Before any telecommunications company discloses any individually identifiable consumer information upon request of any person, the telecommunications company or its agent shall verify the identity of the person making the request and that such person is authorized to receive such information. The telecommunications company shall also require the person making the request to certify that such person is authorized by law to receive such information and will use such information solely for the purposes allowed by such authorization. The telecommunications company shall refuse to disclose individually identifiable consumer information to the person making the request if the company cannot reasonably verify the identity of such person or has reason to believe that such person is not authorized to receive such information.

(c) A violation of this section shall constitute an unfair or deceptive trade practice under subsection (a) of section 42-110b of the general statutes

Sec. 4. Section 53a-129a of the general statutes is repealed and the following is substituted in lieu thereof (Effective October 1, 2006):

(a) A person commits identity theft when such person intentionally obtains personal identifying information of another person without the authorization of such other person and uses that information to obtain or attempt to obtain, money, credit, goods, services, property or medical information in the name of such other person without the consent of such other person.

(b) As used in this section, "personal identifying information" means any name, number or other information that may be used, alone or in conjunction with any other information, to identify a specific individual including, but not limited to, such individual's name, date of birth, mother's maiden name, motor vehicle operator's license number, Social Security number, employee identification number, employer or taxpayer identification number, alien registration number, government passport number, health insurance identification number, demand deposit account number, savings account number, credit card number, debit card number, individually identifiable consumer information, as defined in section 1 of this act, or unique biometric data such as fingerprint, voice print, retina or iris image, or other unique physical representation.

Sec. 5. Section 52-571h of the general statutes is repealed and the following is substituted in lieu thereof (Effective October 1, 2006):

(a) Any person aggrieved by an act constituting a violation of section 53a-129a of the general statutes, revision of 1958, revised to January 1, 2003, or section 53a-129b, 53a-129c or 53a-129d, including a telecommunications company with respect to individually identifiable consumer information, as defined in section 1 of this act, may bring a civil action in the Superior Court for damages against the person who committed the violation.

(b) In any civil action brought under this section in which the plaintiff prevails, the court shall award the greater of [one] ten thousand dollars or treble damages, together with costs and a reasonable attorney's fee.

(c) No action under this section shall be brought but within two years from the date when the violation is discovered or in the exercise of reasonable care should have been discovered.

Statement of Purpose:

To restrict the disclosure of telephone records by telecommunications companies to third parties, require telecommunications companies to take steps to prevent unauthorized disclosure of telephone records and increase the minimum amount of damages awarded in a civil action for identity theft.

[Proposed deletions are enclosed in brackets. Proposed additions are indicated by underline, except that when the entire text of a bill or resolution or a section of a bill or resolution is new, it is not underlined.]