Overview of Connecticut ID scanning laws
Connecticut has 6 laws which we consider relevant to ID verification, in addition to other laws which may related to age verification, identity verification, KYC, privacy, and biometrics.
Can you scan IDs in Connecticut?
Yes. Connecticut law expressly authorizes businesses selling alcohol and tobacco to scan consumers’ IDs to prevent unlawful sales to those not meeting the minimum age requirements. Businesses may electronically or mechanically record and maintain only the following information:
- name
- date of birth
- ID number
- expiration date
Can you save data from a scanned ID in Connecticut?
Yes. Connecticut law restricts businesses retaining information from ID scans for age-restricted goods to the above standards, but there are no other regulations in place regarding saved data from ID scans.
Does Connecticut offer affirmative defense for ID scanning?
Yes. Connecticut has clear affirmative defense laws for ID scanning for both alcohol (Sec 30-86) and tobacco sales (Chapter 96).
What types of IDs does Connecticut issue?
Connecticut issues drivers licenses and state IDs, including REAL ID.
Individual Connecticut ID verification laws
Age verification for alcohol sales
Connecticut requires that businesses verify age for alcohol sales, and offers affirmative defense for sellers who scan IDs.
Age verification for tobacco sales
Connecticut requires that businesses verify age for tobacco sales, and offers affirmative defense for sellers who scan IDs.
Refunds and exchanges
Connecticut law requires businesses to accept returned goods but allows for an electronic system to record, monitor, and limit the number or dollar value of returned goods provided the system is disclosed in the refund policy.
ID scanning for vapes and eCigarettes
Connecticut authorizes sellers of electronic nicotine systems to perform ID scans to check the validity of ID. Sellers can only retain the customer’s name, birth date, ID number, and expiration date.
Record keeping for firearm sales
Sellers must sign 3 receipts for firearms, including the name, address, date and place of birth the purchaser, the date of sale, the caliber, make, model and manufacturer’s number. Receipts must be sent to the Commissioner of the DESPP and the chief of police within 24 hours.
Age verification for social media
In Connecticut, social media platforms are required to provide children under 18 with the right to unpublish and delete their accounts from public visibility, and must obtain parental consent to collect data from children under 13.
Data privacy laws in Connecticut
The Connecticut Data Privacy Act (CTDPA) is a comprehensive data privacy law that requires businesses honor universal opt-out preferences.
Connecticut also has a specific protection of PII for members of the armed forces and veterans and for student records. According to Bill 7012, “Any person who collects Social Security numbers or any military identification information in the course of business shall create a privacy protection policy which shall be published or publicly displayed” to protect the confidentiality and unlawful disclosure of PII.
Connecticut HB5469 requires student information and student records be accessible to the student, or their parent, and allow for corrections to be made. Student records and information must be kept secure and confidential; the local or regional board of education must be notified if a breach of this data occurs.
