Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law (Public Act No. 21-119), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with
Connecticut
Connecticut on its Way to an Enhanced Data Breach Notification Law
UPDATE: On June 16, Gov. Ned Lamont signed HB 5310 into law which becomes effective October 1, 2021.
State legislatures across the nation are prioritizing privacy and security matters, and Connecticut is no exception. This week, Connecticut Attorney General William Tong announced the passage of An Act Concerning Data Privacy Breaches, a measure that…
The Inexplicit Requirement and Definitive Necessity for Employers to Implement Privacy Policies
In the face of seemingly daily news reports of company data breaches and the mounting legislative concern and efforts on both the state and federal level to enact laws safeguarding personal information maintained by companies, employers should be questioning whether they should implement privacy policies to address the protection of personal information they maintain on…
Connecticut State Contractors, Health Insurance Industry Businesses Subject to Enhanced Significant Data Security Mandates
In June, Connecticut’s governor signed into law Senate Bill 949 which amended the State’s breach notification statute. The requirement that covered businesses must provide one year of identity theft protection services for certain breaches, easily the most popular aspect of the legislation, may have diverted attention from some significant aspects of this new law.…
Connecticut Enacts SB 949 Requiring One Year of Free Identity Theft Protection Services For Certain Data Breaches
Senate Bill 949 is now law in Connecticut, after being signed by Governor Malloy on June 11. As we reported, this law amends the state’s current breach notification mandate to require that for breaches of certain personal information covered business must provide one year of free identity-theft protection for affected persons. So, beginning October…
Connecticut May Require Businesses to Offer One Year of Identity Theft Protection Services Following a Data Breach, Joining Other States in Strengthening Notification Laws
Following a string of states across the country that have strengthened their data breach notification laws in recent months, Connecticut is about to amend its law to require, among other things, that businesses provide one year of identity-theft protection for persons affected by the breach. Many businesses already extend such services to breach victims, but,…
Connecticut AG Makes Email Address Available to Companies to Report Data Breaches
Connecticut AG prepares for amendments to Connecticut’s data breach law going into effect on Oct. 1, 2012.…
Continue Reading Connecticut AG Makes Email Address Available to Companies to Report Data Breaches
Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
By Joseph J. Lazzarotti on
Notice to Connecticut Attorney General now required following data breaches affecting state residents.…
Continue Reading Connecticut Amends Data Breach Notification Statute; Notice to Attorney General Now Required
Connecticut Attorney General Establishes Privacy Task Force
Newly created Privacy Task Force in Connecticut may lead to increased enforcement.…
Continue Reading Connecticut Attorney General Establishes Privacy Task Force
Connecticut Becomes Sixth State to Prohibit Use of Credit Report Information in Making Employment Decisions
By Joseph J. Lazzarotti on
Connecticut joins five other states (Hawaii, Illinois, Oregon, Washington, and Maryland) in limiting what credit report information employers may use in making hiring or employment decisions.…
Continue Reading Connecticut Becomes Sixth State to Prohibit Use of Credit Report Information in Making Employment Decisions