PA 17-137—HB 7102
Veterans' Affairs Committee
AN ACT PROTECTING PERSONAL INFORMATION OF MEMBERS OF THE ARMED FORCES AND VETERANS
SUMMARY: This act requires any person in possession of military identification information to (1) safeguard the data, and computer files and documents containing it, from misuse by third parties and (2) destroy, erase, or make the data, computer files, and documents unreadable before disposing of them. (Under existing law, these same requirements already apply to people who possess other personal information, such as Social Security and driver's license numbers.)
If a financial institution adopts safeguards that comply with the 1999 federal Gramm-Leach-Bliley Act, this constitutes compliance under the act (see BACKGROUND).
The act defines “military identification information” as information identifying a person as a veteran or armed forces member, including a selective service number, military identification number, discharge document, military identification card, or military retiree identification card.
Anyone who violates the act is subject to a civil penalty of $500 for each violation, up to $500,000 for a single event, unless the violation was unintentional. Any civil penalties received must be deposited into the privacy protection guaranty and enforcement account established under existing law.
The act does not apply to (1) state agencies or political subdivisions or (2) publicly available information lawfully made available to the general public from federal, state, or local government records or widely distributed media.
EFFECTIVE DATE: October 1, 2017
VETERANS AND ARMED FORCES MEMBERS
Under the act, a “veteran” is anyone discharged or released under honorable conditions from active service in the armed forces. The “armed forces” means the U.S. Army, Navy, Marine Corps, Coast Guard, Air Force, and their reserve components, as well as the Connecticut National Guard performing duty under Title 32 of the U.S. Code (e.g., Homeland Security missions).
The 1999 federal Gramm-Leach-Bliley Act applies to financial institutions' handling of nonpublic, personal information. It requires federal regulators to establish comprehensive standards for ensuring the security and confidentiality of consumers' personal financial information.