Senate Democrats announced privacy legislation Wednesday prompted by last month’s massive Anthem data breach that may have compromised the personal information of tens of millions of its customers.
The legislation would require healthcare companies to have encryption technologies, which Senate Majority Leader Bob Duff, D-Norwalk, said would have prevented the Anthem breach.
Encryption technologies can limit the amount of data that even authorized users can view, making it more difficult to compromise massive amounts of data, said Duff.
“Federal standards have not been enough. That is why we need to step up our game here in Connecticut,” Duff said, referring to a 2009 federal law to spend almost $26 billion on expanding health information technology.
Senate President Martin Looney noted that the federal Health Insurance Portability and Accountability Act (HIPAA) only encourages encryption procedures to ensure consumer protection. Looney said the state legislation would fill a gap by mandating these technologies.
Looney said lawmakers have also proposed a second consumer-privacy measure: a bill that would require companies to notify consumers of unauthorized access to personal data when it occurs.
Policymakers have yet to agree on how the bill would be enforced, but Looney said a company that does not comply with the encryption requirement would have a disadvantage in the market compared with those that follow the rule.
“It was alarming to hear that the number of attacks on our state system approaches almost a million a month. We know this happens in government, but what we don’t know is how it also affects business,” Sen. Joan Hartley, D-Waterbury, said.
Hartley added that the Commerce Committee also is talking about a piece of legislation that would provide a strategic partnership with the new cybersecurity efforts.
“While we may not be able to prevent hackers from getting in, we can at least limit what information they get and render it useless,” said Duff.
At a press conference last week, Attorney General George Jepsen called the Anthem hack “one of the largest, most in-depth data breaches in history, not just in the number of people who are directly affected, but in the kinds of information that has been compromised.”