
General Assembly

 

Raised Bill No. 1024

January Session, 2015

 

LCO No. 4344

 


Referred to Committee on INSURANCE AND REAL ESTATE

 

Introduced by: (INS)

 

AN ACT CONCERNING THE SECURITY OF CONSUMER DATA.

Be it enacted by the Senate and House of Representatives in General Assembly convened:

Section 1. (NEW) (Effective from passage) (a) As used in this section, (1) "encrypt" means the transformation of electronic data into a form in which meaning cannot be assigned without the use of a confidential process or key, and (2) "personal information" means an individual's first name or first initial and last name in combination with any one or more of the following data: (A) A Social Security number; (B) a driver's license number or a state identification number; (C) an address; or (D) identifiable health information. "Personal information" does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.

(b) Not later than two years after the effective date of this section, each insurer, health care center and other entity licensed to do health insurance business in this state, pharmacy benefits manager, as defined in section 38a-479aaa of the general statutes, third-party administrator, as defined in section 38a-720 of the general statutes, that administers health benefits, and utilization review company, as defined in section 38a-591a of the general statutes, shall implement security technology that encrypts the personal information of insureds and enrollees that is compiled or maintained by such insurer, health care center or other entity, pharmacy benefits manager, third-party administrator or utilization review company.

(c) Any such security technology shall be updated as is necessary and practicable. The Insurance Commissioner, in consultation with the Commissioner of Consumer Protection, shall adopt regulations, in accordance with the provisions of chapter 54 of the general statutes, to establish minimum standards for such security technology and to implement the provisions of this section.

This act shall take effect as follows and shall amend the following sections:

Section 1 | from passage | New section

Statement of Purpose:

To require health insurers and other entities to implement security technology that encrypts the personal information of insureds and enrollees that is compiled or maintained by such insurer or entity, and to authorize the Insurance Commissioner to adopt regulations in consultation with the Commissioner of Consumer Protection to establish minimum standards for such security technology.

[Proposed deletions are enclosed in brackets. Proposed additions are indicated by underline, except that when the entire text of a bill or resolution or a section of a bill or resolution is new, it is not underlined.]