Data Protection at the Heart of New Connecticut Law
Sep 25th, 2015 by Frederick Spaeth | News | Recent News & Articles |
This summer, Governor Malloy enhanced data protection for Connecticut residents by signing into law AN ACT IMPROVING DATA SECURITY AND AGENCY EFFECTIVENESS, Public Act No. 15-142, which addresses data security on a variety of fronts.
Existing laws generally require that anyone who conducts business in the state and who stores personal information must disclose a security breach without unreasonable delay to affected state residents and to the Attorney General. Failing to do so constitutes an unfair trade practice under CUTPA (the Connecticut Unfair Trade Practices Act). (CGS 36a-701b). Public Act No. 15-142 clarifies that the notice of a breach must be given within 90 days after the breach is discovered, and that identity theft protection and, if applicable, identity theft mitigation services, must be offered to victims.