Skip to main content

Revisions to Connecticut Data Breach Notification Law Pass in Budget Bill

We have been following proposed legislation to modify the Connecticut data breach notification law as it worked its way (unsuccessfully) through the 2012 General Session of the legislature.   To our surprise, it has, nonetheless, been passed as part of the state’s General Assembly’s Special Session --  included in the state's Budget Bill as Section 130.   The text of the Budget Bill linked in this blog post includes the marked changes to Section 36a-701b.

The revised version of  Section 36a-701b, will be effective October 1, 2012, and requires the reporting of a “breach of security” to the Connecticut Attorney General. This is in addition to any other data breach reporting requirements that already exist under Connecticut’s data breach notification law, or promulgated by industry regulators (e.g., Connecticut Department of Insurance Bulletin IC-25). Failure to comply constitutes an unfair trade practice under Connecticut General Statutes Section 42-110b and is enforceable by the Attorney General.   As we also reported in this space, last year the Connecticut Attorney General's office announced that it has established a Privacy Task Force.

Subscribe To Viewpoints

Author

Cynthia J. Larose

Member / Co-Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.