Connecticut Expands Data Breach Notification Requirements And Establishes A Cybersecurity “Safe Harbor” – Technology

Protect yourself from online attacks that threaten your identity, your files, your system, and your financial well-being.



United States:

Connecticut Expands Data Breach Notification Requirements And Establishes A Cybersecurity “Safe Harbor”


To print this article, all you need is to be registered or login on Mondaq.com.

On June 16 and July 6, 2021, Connecticut Governor Ned Lamont
signed two new cybersecurity laws that continue the national trend
of expanding cyber incident disclosure obligations, shortening
notification timelines, and incentivizing the implementation of
recognized cybersecurity standards. Both laws take effect on
October 1, 2021.

“An Act Concerning Data Privacy Breaches” Amends
Connecticut’s Existing Data Breach Law

The amended data breach law includes three key changes:

  • The time businesses have to notify affected Connecticut
    residents and the Office of the Attorney General of a data breach
    has been shortened from 90 days to no later than 60 days after
    discovery of the breach;

  • If notice cannot be effected within the new 60-day window, a
    novel and significant amendment requires companies to provide
    preliminary substitute notice to individuals, and follow up with
    direct notice as soon as possible; and

  • The law significantly expands the definition of “personal
    information” that may trigger notification obligations to
    include an IRS identity protection personal identification number,
    certain medical information, biometric information, a user name or
    email address in combination with a password or security question
    and answer (regardless of whether or not the individual’s name
    is accessed in combination with it), and a number of other data
    elements commonly included in other states’ data breach notice
    laws.

“An Act Incentivizing the Adoption of Cybersecurity
Standards for Businesses” Establishes a Cybersecurity
“Safe Harbor” Statute

The new law will establish…

Source…