...

Connecticut ID Scanning Laws & Regulations

Connecticut sample drivers license

Can you scan IDs in Connecticut?

Yes. However, Connecticut law regulates a business’s ability to scan IDs in the context of selling age-restricted goods; otherwise, there is no law generally governing a business’s ability to scan IDs. 

Summary of Connecticut ID Scanning Laws

Connecticut law expressly authorizes businesses selling alcohol and tobacco to scan consumers’ IDs to prevent unlawful sales to those not meeting the minimum age requirements.  In so scanning IDs, businesses may electronically or mechanically record and maintain only the following information: 

  • name
  • date of birth
  • ID number
  • expiration date

Any use of such information must be limited to preventing unlawful sales and establishing an affirmative defense against a charge of unlawful sale, and such information is not allowed to be resold or disseminated to third parties. 

Penalty:  Each violation of this law is punishable by a civil penalty of no more than $1,000.

Does Connecticut offer affirmative defense for ID scanning?

Yes. Connecticut has clear affirmative defense laws for ID scanning for both alcohol and tobacco sales.

Sec 30-86 Sale or delivery to minors

Use of transaction scan devices. (a) As used in this section:
(1) “Cardholder” means any person who presents a driver’s license or an identity card to a permittee or permittee’s agent or employee, to purchase or receive alcoholic liquor from such permittee or permittee’s agent or employee;
(2) “Identity card” means an identification card issued in accordance with the provisions of section 1-1h;
(3) “Transaction scan” means the process by which a permittee or permittee’s agent or employee checks, by means of a transaction scan device, the validity of a driver’s license or an identity card; and
(4) “Transaction scan device” means any commercial device or combination of devices used at a point of sale that is capable of deciphering in an electronically readable format the information encoded on the magnetic strip or bar code of a driver’s license or an identity card.
(b) (1) Any permittee or any servant or agent of a permittee who sells or delivers alcoholic liquor to any minor or any intoxicated person, or to any habitual drunkard, knowing the person to be such an habitual drunkard, shall be subject to the penalties of section 30-113.
(2) Any person who sells, ships, delivers or gives alcoholic liquor to a minor, by any means, including, but not limited to, the Internet or any other on-line computer network, except on the order of a practicing physician, shall be fined not more than one thousand five hundred dollars or imprisoned not more than eighteen months, or both.
(3) The provisions of this subsection shall not apply (A) to a sale, shipment or delivery made to a person over age eighteen who is an employee or permit holder under section 30-90a and where such sale, shipment or delivery is made in the course of such person’s employment or business, (B) to a sale, shipment or delivery made in good faith to a minor who practices any deceit in the procurement of an identity card issued in accordance with the provisions of section 1-1h, who uses or exhibits any such identity card belonging to any other person or who uses or exhibits any such identity card that has been altered or tampered with in any way, or (C) to a shipment or delivery made to a minor by a parent, guardian or spouse of the minor, provided such parent, guardian or spouse has attained the age of twenty-one and provided such minor possesses such alcoholic liquor while accompanied by such parent, guardian or spouse.
(4) Nothing in this subsection shall be construed to burden a person’s exercise of religion under section 3 of article first of the Constitution of the state in violation of subsection (a) of section 52-571b.
(c) (1) A permittee or permittee’s agent or employee may perform a transaction scan to check the validity of a driver’s license or identity card presented by a cardholder as a condition for selling, giving away or otherwise distributing alcoholic liquor to the cardholder.
(2) If the information deciphered by the transaction scan performed under subdivision (1) of this subsection fails to match the information printed on the driver’s license or identity card presented by the cardholder, or if the transaction scan indicates that the information so printed is false or fraudulent, neither the permittee nor any permittee’s agent or employee shall sell, give away or otherwise distribute any alcoholic liquor to the cardholder.
(3) Subdivision (1) of this subsection does not preclude a permittee or permittee’s agent or employee from using a transaction scan device to check the validity of a document presented as identification other than a driver’s license or an identity card, if the document includes a bar code or magnetic strip that may be scanned by the device, as a condition for selling, giving away or otherwise distributing alcoholic liquor to the person presenting the document.
(d) (1) No permittee or permittee’s agent or employee shall electronically or mechanically record or maintain any information derived from a transaction scan, except the following: (A) The name and date of birth of the person listed on the driver’s license or identity card presented by a cardholder; (B) the expiration date and identification number of the driver’s license or identity card presented by a cardholder.
(2) No permittee or permittee’s agent or employee shall use a transaction scan device for a purpose other than the purposes specified in subsection (c) of this section or subsection (d) of section 53-344.
(3) No permittee or permittee’s agent or employee shall sell or otherwise disseminate the information derived from a transaction scan to any third party for any purpose, including, but not limited to, any marketing, advertising or promotional activities, except that a permittee or permittee’s agent or employee may release that information pursuant to a court order.
(4) Nothing in subsection (c) of this section or this subsection relieves a permittee or permittee’s agent or employee of any responsibility to comply with any other applicable state or federal laws or rules governing the sale, giving away or other distribution of alcoholic liquor.
(5) Any person who violates this subsection shall be subject to a civil penalty of not more than one thousand dollars.
(e) (1) In any prosecution of a permittee or permittee’s agent or employee for selling alcoholic liquor to a minor in violation of subsection (b) of this section, it shall be an affirmative defense that all of the following occurred: (A) A cardholder attempting to purchase or receive alcoholic liquor presented a driver’s license or an identity card; (B) a transaction scan of the driver’s license or identity card that the cardholder presented indicated that the license or card was valid; and (C) the alcoholic liquor was sold, given away or otherwise distributed to the cardholder in reasonable reliance upon the identification presented and the completed transaction scan.
(2) In determining whether a permittee or permittee’s agent or employee has proven the affirmative defense provided by subdivision (1) of this subsection, the trier of fact in such prosecution shall consider that reasonable reliance upon the identification presented and the completed transaction scan may require a permittee or permittee’s agent or employee to exercise reasonable diligence and that the use of a transaction scan device does not excuse a permittee or permittee’s agent or employee from exercising such reasonable diligence to determine the following: (A) Whether a person to whom the permittee or permittee’s agent or employee sells, gives away or otherwise distributes alcoholic liquor is twenty-one years of age or older; and (B) whether the description and picture appearing on the driver’s license or identity card presented by a cardholder are those of the cardholder.

(1949 Rev., S. 4293; 1971, P.A. 343, S. 2; P.A. 82-68, S. 3, 11; P.A. 84-478, S. 2, 5; P.A. 86-151, S. 3; P.A. 99-237, S. 1; P.A. 01-92, S. 1; P.A. 03-19, S. 71; P.A. 06-112, S. 3.)

History of Revisions

1971 act deleted provision which had forbidden permittee to sell liquor to “any person after having received notice from the selectmen, as provided in Sec. 30-83 or 30-84, not to sell or give such liquor to such person”;

P.A. 82-68 provided that the sale or delivery prohibition is inapplicable to persons over 18 employed or holding a permit and where the sale or delivery is made in the course of such person’s business;

P.A. 84-478 increased the penalty for furnishing liquor to minors to $1,500 or imprisonment for 18 months or both, and excepted from this provision any sale made in good faith, effective July 1, 1985;

P.A. 86-151 exempted deliveries made to a minor by a parent, guardian or spouse who has attained the age of 21, provided the minor possesses such liquor while accompanied by such parent, guardian or spouse;

P.A. 99-237 made technical and gender neutral changes and added provision prohibiting shipment or sale of alcoholic liquor to persons under 21 years of age by any means, specifically including shipment or sales arranged via the Internet or any other on-line computer network; P.A. 01-92 added new Subsec. (a) re definitions, designated existing language as Subsec. (b), added new Subsec. (c) re use of a transaction scan device, added new Subsec. (d) re prohibited acts and added new Subsec. (e) re affirmative defense;

P.A. 03-19 made a technical change in Subsec. (e)(2)(B), effective May 12, 2003;

P.A. 06-112 amended Subsec. (b) to designate prohibition on certain sales or deliveries by permittees or their servants or agents as Subdiv. (1), designate prohibition on any person selling, shipping, delivering or giving alcoholic liquor to a minor as Subdiv. (2), designate exceptions to prohibitions as Subdiv. (3) and amend same to replace numeric Subdiv. indicators with alphabetic Subpara. indicators, add Subdiv. (4) providing that nothing in Subsec. shall be construed to burden a person’s exercise of religion under Art. 1, Sec. 3 of the state constitution in violation of Sec. 52-571b(a) and make technical changes.

Section 42-110aa. Refund & Exchange Policies

(a) Refusal to accept returns prohibited. Use of electronic monitoring system. No person engaged in trade or commerce in this state, upon the return of goods purchased from such person’s place of business, shall refuse to accept the returned goods immediately and issue the individual returning such goods either a cash or credit refund of the purchase price or credit towards the purchase of another item offered for sale at such person’s place of business, provided such return is made within the period of time established by such person for the acceptance of returned goods and provided further, such goods are returned in a manner consistent with such person’s conspicuously posted refund or exchange policy.

Any such person that utilizes an electronic system to record, monitor and limit the number or total dollar value of returns made by a consumer shall clearly indicate the use of such system within such person’s conspicuously posted refund or exchange policy.

Chapter 96. Offenses Against Public Policy. Sale of Cigarettes & Tobacco Products to Minors

Purchase or misrepresentation of age to purchase tobacco or possession of tobacco in public place by persons under eighteen. Transaction scans. Affirmative defense. (a) As used in this section:
(1) “Cardholder” means any person who presents a driver’s license or an identity card to a seller or seller’s agent or employee, to purchase or receive tobacco from such seller or seller’s agent or employee;
(2) “Identity card” means an identification card issued in accordance with the provisions of section 1-1h;
(3) “Transaction scan” means the process by which a seller or seller’s agent or employee checks, by means of a transaction scan device, the validity of a driver’s license or an identity card; and
(4) “Transaction scan device” means any commercial device or combination of devices used at a point of sale that is capable of deciphering in an electronically readable format the information encoded on the magnetic strip or bar code of a driver’s license or an identity card.
(b) Any person who sells, gives or delivers to any minor under eighteen years of age tobacco, unless the minor is delivering or accepting delivery in such person’s capacity as an employee, in any form shall be fined not more than two hundred dollars for the first offense, not more than three hundred fifty dollars for a second offense within an eighteen-month period and not more than five hundred dollars for each subsequent offense within an eighteen-month period.
(c) Any person under eighteen years of age who purchases or misrepresents such person’s age to purchase tobacco in any form or possesses tobacco in any form in any public place shall be fined not more than fifty dollars for the first offense and not less than fifty dollars or more than one hundred dollars for each subsequent offense. For purposes of this subsection, “public place” means any area that is used or held out for use by the public whether owned or operated by public or private interests.
(d) (1) A seller or seller’s agent or employee may perform a transaction scan to check the validity of a driver’s license or identity card presented by a cardholder as a condition for selling, giving away or otherwise distributing tobacco to the cardholder.
(2) If the information deciphered by the transaction scan performed under subdivision (1) of this subsection fails to match the information printed on the driver’s license or identity card presented by the cardholder, or if the transaction scan indicates that the information so printed is false or fraudulent, neither the seller nor any seller’s agent or employee shall sell, give away or otherwise distribute any tobacco to the cardholder.
(3) Subdivision (1) of this subsection does not preclude a seller or seller’s agent or employee from using a transaction scan device to check the validity of a document other than a driver’s license or an identity card, if the document includes a bar code or magnetic strip that may be scanned by the device, as a condition for selling, giving away or otherwise distributing tobacco to the person presenting the document.
(e) (1) No seller or seller’s agent or employee shall electronically or mechanically record or maintain any information derived from a transaction scan, except the following: (A) The name and date of birth of the person listed on the driver’s license or identity card presented by a cardholder; (B) the expiration date and identification number of the driver’s license or identity card presented by a cardholder.
(2) No seller or seller’s agent or employee shall use a transaction scan device for a purpose other than the purposes specified in subsection (d) of this section or subsection (c) of section 30-86.
(3) No seller or seller’s agent or employee shall sell or otherwise disseminate the information derived from a transaction scan to any third party, including, but not limited to, selling or otherwise disseminating that information for any marketing, advertising or promotional activities, but a seller or seller’s agent or employee may release that information pursuant to a court order.
(4) Nothing in subsection (d) of this section or this subsection relieves a seller or seller’s agent or employee of any responsibility to comply with any other applicable state or federal laws or rules governing the sale, giving away or other distribution of tobacco.
(5) Any person who violates this subsection shall be subject to a civil penalty of not more than one thousand dollars.
(f) (1) In any prosecution of a seller or seller’s agent or employee for a violation of subsection (b) of this section, it shall be an affirmative defense that all of the following occurred: (A) A cardholder attempting to purchase or receive tobacco presented a driver’s license or an identity card; (B) a transaction scan of the driver’s license or identity card that the cardholder presented indicated that the license or card was valid; and (C) the tobacco was sold, given away or otherwise distributed to the cardholder in reasonable reliance upon the identification presented and the completed transaction scan.
(2) In determining whether a seller or seller’s agent or employee has proven the affirmative defense provided by subdivision (1) of this section, the trier of fact in such prosecution shall consider that reasonable reliance upon the identification presented and the completed transaction scan may require a seller or seller’s agent or employee to exercise reasonable diligence and that the use of a transaction scan device does not excuse a seller or seller’s agent or employee from exercising such reasonable diligence to determine the following: (A) Whether a person to whom the seller or seller’s agent or employee sells, gives away or otherwise distributes tobacco is eighteen years of age or older; and (B) whether the description and picture appearing on the driver’s license or identity card presented by a cardholder is that of the cardholder.

Bill #7012, Protection of PII For Members of the Armed Forces & Veterans

Approved by the Governor 6/30/2017; effective 10/1/2017.

Any person who collects Social Security numbers or any military identification information in the course of business shall create a privacy protection policy which shall be published or publicly displayed. For purposes of this subsection, “publicly displayed” includes, but is not limited to, posting on an Internet web page. Such policy shall: (1) Protect the confidentiality of Social Security numbers and any military identification information, (2) prohibit unlawful disclosure of Social Security numbers or any military identification information, and (3) limit access to Social Security numbers or any military identification.

Bill #HB5469, Governor’s Recommendations Regarding eCigarettes

Would authorize sellers of electronic nicotine delivery systems to perform a transaction scan to check the validity of a driver’s license or identity card presented by a cardholder who is purchasing or obtaining an electronic nicotine delivery system.  A seller would be prohibited from maintaining any information derived from a transaction scan, except the name and date of birth of the person listed on a driver’s license or identity card, and the expiration date and identification number of the driver’s license or identity card.

Signed by Governor on 06/09/16.

On and after October 1, 2016, a local or regional board of education shall enter into a written contract with a contractor any time such local or regional board of education shares or provides access to student information, student records or student-generated content with such contractor. Each such contract shall include, but need not be limited to, the following:

A statement that student information, student records and student-generated content are not the property of or under the control of a contractor;

 A description of the means by which the local or regional board of education may request the deletion of student information, student records or student-generated content in the possession of the contractor;

A statement that the contractor shall not use student information, student records and student-generated content for any purposes other than those authorized pursuant to the contract;

A description of the procedures by which a student, parent or legal guardian of a student may review personally identifiable information contained in student information, student records or student-generated content and correct erroneous information, if any, in such student record;

A statement that the contractor shall take actions designed to ensure the security and confidentiality of student information, student records and student-generated content;

A description of the procedures that a contractor will follow to notify the local or regional board of education, in accordance with the provisions of section 4 of this act, when there has been an unauthorized release, disclosure or acquisition of student information, student records or student-generated content;

A statement that student information, student records or student-generated content shall not be retained or available to the contractor upon completion of the contracted services unless a student, parent or legal guardian of a student chooses to establish or maintain an electronic account with the contractor for the purpose of storing student-generated content.

Connecticut SB1108 on Data Privacy

Signed by Governor on 07/09/19; Effective 01/01/2020.

Will require businesses to disclose the proposed use of any personal information and to give consumers the right to discover what personal information the business possesses and to opt out of the sale of such information and to create a cause of action and penalties for violations of such requirements.

Connecticut Public Act No. 13-3 Concerning Gun Violence Prevention

[(b)] Upon the sale, delivery or other transfer of the [firearm] long gun, the [purchaser] transferee shall sign in triplicate a receipt for such [firearm] long gun, which shall contain the name, [and] address and date and place of birth of such [purchaser] transferee, the date of such sale, delivery or transfer and the caliber, make, model and manufacturer’s number and a general description thereof. Not later than twenty-four hours after such sale, delivery or transfer, the [vendor] transferor shall send by first class mail or electronically transfer one receipt to the Commissioner of Emergency Services and Public Protection and one receipt to the chief of police or, where there is no chief of police, the warden of the borough or the first selectman, of the town in which the [purchaser] transferee resides, and shall retain one receipt, together with the original application, for at least five years. [The]

(e) No sale, delivery or other transfer of any long gun shall be made by a person who is not a federally-licensed firearm manufacturer, importer or dealer to a person who is not a federally-licensed firearm manufacturer, importer or dealer unless:

(1) The prospective transferor and prospective transferee comply with the provisions of subsection (d) of this section and the prospective transferor has obtained an authorization number from the Commissioner of Emergency Services and Public Protection for such sale, delivery or transfer; or

(2) A national instant criminal background check has been initiated by a federally-licensed firearm dealer who has consented to initiate such check at the request of the prospective transferor or prospective transferee in accordance with subsection (f) of this section and the response received by the federally-licensed firearm dealer indicates the prospective transferee is eligible to receive such long gun.

(f) (1) On and after January 1, 2014, for purposes of a transfer pursuant to subdivision (2) of subsection (e) of this section, a prospective transferor or prospective transferee may request a federally-licensed firearm dealer to initiate a national instant criminal background check of the prospective transferee. If a federally-licensed firearm dealer consents to initiate a national instant criminal background check, the prospective transferor or prospective transferee shall provide to such dealer the name, sex, race, date of birth and state of residence of the prospective transferee and, if necessary to verify the identity of the prospective transferee, may provide a unique numeric identifier including, but not limited to, a Social Security number, and additional identifiers including, but not limited to, height, weight, eye and hair color, and place of birth. The prospective transferee shall present to the dealer such prospective transferee’s valid long gun eligibility certificate issued pursuant to section 2 of this act, valid permit to carry a pistol or revolver issued pursuant to subsection (b) of section 29-28, as amended by this act, valid permit to sell at retail a pistol or revolver issued pursuant to subsection (a) of section 29-28 or valid eligibility certificate for a pistol or revolver issued pursuant to section 29-36f, as amended by this act. The dealer may charge a fee not to exceed twenty dollars for initiating such background check.

Public Act No. 21-50, Concerning Data Breaches

(a) For purposes of this section, (1) “breach of security” means unauthorized access to or unauthorized acquisition of electronic files, media, databases or computerized data, containing personal information when access to the personal information has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable; and (2) “personal information” means an individual’s (A) first name or first initial and last name in combination with any one, or more, of the following data: [(A)] (i) Social Security number; [(B)] (ii) taxpayer identification number; (iii) identity protection personal identification number issued by the Internal Revenue Service; (iv) driver’s license number, [or] state identification card number, passport number, military identification number or other identification number issued by the government that is commonly used to verify identity; [(C)] (v) credit or debit card number; [or (D)] (vi) financial account number in combination with any required security code, access code or password that would permit access to such financial account; (vii) medical information regarding an individual’s medical history, mental or  physical condition, or medical treatment or diagnosis by a health care professional; (viii) health insurance policy number or subscriber identification number, or any unique identifier used by a health insurer to identify the individual; or (ix) biometric information consisting of data generated by electronic measurements of an individual’s unique physical characteristics used to authenticate or ascertain the individual’s identity, such as a fingerprint, voice print, retina or iris image; or (B) user name or electronic mail address, in combination with a password or security question and answer that would permit access to an online account. “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.  (b) (1) Any person who [conducts business in this state, and who, in  the ordinary course of such person’s business,] owns, licenses or maintains computerized data that includes personal information, shall provide notice of any breach of security following the discovery of the breach to any resident of this state whose personal information was breached or is reasonably believed to have been breached. Such notice shall be made without unreasonable delay but not later than [ninety] sixty days after the discovery of such breach, unless a shorter time is required under federal law, subject to the provisions of subsection (d) of this section. [and the completion of an investigation by such person to determine the nature and scope of the incident, to identify the individuals affected, or to restore the reasonable integrity of the data system.] If the person identifies additional residents of this state whose personal information was breached or reasonably believed to have been breached following sixty days after the discovery of such breach, the person shall proceed in good faith to notify such additional residents as expediently as possible. Such notification shall not be required if, after an appropriate investigation [and consultation with relevant federal, state and local agencies responsible for law enforcement,] the person reasonably determines that the breach will not likely result in harm to the individuals whose personal information has been acquired [and] or accessed.  (2) If notice of a breach of security is required by subdivision (1) of  this subsection: (A) The person who [conducts business in this state, and who, in the ordinary course of such person’s business,] owns, licenses or maintains computerized data that includes personal information, shall, not later  than the time when notice is provided to the resident, also provide notice of the breach of security to the Attorney General; and (B) The person who [conducts business in this state, and who, in the ordinary course of such person’s business,] owns or licenses computerized data that includes personal information, shall offer to each resident whose [nonpublic] personal information under [subparagraph (B)(i) of subdivision (9) of subsection (b) of section 38a69 38 or personal information as defined in] clause (i) or (ii) of subparagraph (A) of subdivision (2) of subsection (a) of this section was breached or is reasonably believed to have been breached, appropriate identity theft prevention services and, if applicable, identity theft mitigation services. Such service or services shall be provided at no cost to such resident for a period of not less than twenty-four months. Such person shall provide all information necessary for such resident to enroll in such service or services and shall include information on how such resident can place a credit freeze on such resident’s credit file. (c) Any person that maintains computerized data that includes personal information that the person does not own shall notify the owner or licensee of the information of any breach of the security of the data immediately following its discovery, if the personal information of a resident of this state was breached or is reasonably believed to have been breached. (d) Any notification required by this section shall be delayed for a reasonable period of time if a law enforcement agency determines that the notification will impede a criminal investigation and such law enforcement agency has made a request that the notification be delayed.  Any such delayed notification shall be made after such law enforcement agency determines that notification will not compromise the criminal investigation and so notifies the person of such determination.