In June, Connecticut’s governor signed into law Senate Bill 949 which amended the State’s breach notification statute. The requirement that covered businesses must provide one year of identity theft protection services for certain breaches, easily the most popular aspect of the legislation, may have diverted attention from some significant aspects of this new law.

Senate Bill 949 is now law in Connecticut, after being signed by Governor Malloy on June 11. As we reported, this law amends the state’s current breach notification mandate to require that for breaches of certain personal information covered business must provide one year of free identity-theft protection for affected persons. So, beginning October

Following a string of states across the country that have strengthened their data breach notification laws in recent months, Connecticut is about to amend its law to require, among other things, that businesses provide one year of identity-theft protection for persons affected by the breach. Many businesses already extend such services to breach victims, but,

Connecticut joins five other states (Hawaii, Illinois, Oregon, Washington, and Maryland) in limiting what credit report information employers may use in making hiring or employment decisions.
Continue Reading Connecticut Becomes Sixth State to Prohibit Use of Credit Report Information in Making Employment Decisions

A new law in New York (eff. April 1, 2011) and a flurry of bills across the country (New Jersey, Nevada, Florida, Connecticut and Oregon) are aimed at requiring businesses to deal with their electronic waste in one form or another. Before discarding that old laptop, businesses should make sure they do so securely and in accordance with applicable state law.
Continue Reading Wondering What To Do With Your “Electronic Waste”?

What had been the first use of the enforcement authority under the HIPAA privacy regulations granted to a State Attorney General, has ended in a settlement agreement between Connecticut’s Insurance Department and Health Net of Connecticut. Under the agreement, Health Net will pay $375,000 in penalties, and it agreed to provide credit monitoring protection for 2 years to all affected persons in Connecticut

On August 18, 2010, the Connecticut Insurance Commissioner issued Bulletin IC-25 which mandates that entities within its jurisdiction notify the Department of Insurance of any "information security incident." This post provides a brief summary of this new requirement.

Who must provide the notice?

The Bulletin applies to all licensees and registrants of the Department. This generally means all entities