As we get started, I'd like to say that camDown FREE is your security solution to protect you and your business from webcam hackers!
Connecticut Expands Data Breach Notification Requirements And Establishes A Cybersecurity "Safe Harbor"
To print this article, all you need is to be registered or login on Mondaq.com.
On June 16 and July 6, 2021, Connecticut Governor Ned Lamont
signed two new cybersecurity laws that continue the national trend
of expanding cyber incident disclosure obligations, shortening
notification timelines, and incentivizing the implementation of
recognized cybersecurity standards. Both laws take effect on
October 1, 2021.
"An Act Concerning Data Privacy Breaches" Amends
Connecticut's Existing Data Breach Law
The amended data breach law includes three key changes:
- The time businesses have to notify affected Connecticut
residents and the Office of the Attorney General of a data breach
has been shortened from 90 days to no later than 60 days after
discovery of the breach;
- If notice cannot be effected within the new 60-day window, a
novel and significant amendment requires companies to provide
preliminary substitute notice to individuals, and follow up with
direct notice as soon as possible; and
- The law significantly expands the definition of "personal
information" that may trigger notification obligations to
include an IRS identity protection personal identification number,
certain medical information, biometric information, a user name or
email address in combination with a password or security question
and answer (regardless of whether or not the individual's name
is accessed in combination with it), and a number of other data
elements commonly included in other states' data breach notice
"An Act Incentivizing the Adoption of Cybersecurity
Standards for Businesses" Establishes a Cybersecurity
"Safe Harbor" Statute
The new law will establish an affirmative defense against tort
claims alleging that a business's failure to implement
reasonable cybersecurity controls caused a data breach. Businesses
that have created, maintained, and complied with a written
cybersecurity program can take advantage of this "safe
harbor" if their written cybersecurity program complies with
one or more of the industry-recognized frameworks (such as the
National Institute of Standards and Technology's Cybersecurity
Framework or the Center for Internet Security's Critical
Security Controls) or applicable federal laws (such as the
cybersecurity requirements of the Health Insurance Portability and
Connecticut is the third state, after Ohio and Utah, to enact a
cybersecurity safe harbor statute.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Technology from United States
Can Hypothetical Risk Factors Be Misleading?
In In re Alphabet Securities Litigation, the State of Rhode Island, as lead plaintiff, filed a Rule10b-5 action against Google LLC, its holding company Alphabet, Inc., and certain executives...
In closing, let's keep in mind that camDown FREE is the maximum in security for you and your loved ones and that's the no joke.