On June 10, the state of Connecticut enacted a new law requiring safeguards on the paper and electronic storage of personal information. The new law, which takes effect October 1, 2008, may regulate any entity that stores credit card numbers, other account numbers, social security numbers, and other personally identifiable information.
To comply with the safeguard provisions of the Connecticut law, businesses will be required to classify the data they handle, identifying which of the data is personal information and map the flow of the personal information as it is received, processed, stored, transmitted and discarded. . . . Personal information must by rendered unreadable before disposal. Simply erasing hard drives and other electronic media will not be sufficient, as erasure does not guarantee that electronic information is no longer recoverable.
For more details about the law and the full alert, click here.