Connecticut Amends Data Breach Notification Law

[author: Kevin Khurana]

On the heels of Vermont’s recent amendment to its data breach notification law (which we blogged about here), Connecticut’s legislature recently amended its own data breach notification law (Conn. Gen. Stat. § 36a-701b). The amended law will take effect on October 1, 2012.

While several of the changes to the law were non-substantive in nature and more for the sake of clarification, the amended law does impose what seems to be the new trend in data breach notification obligations: the requirement to notify the state attorney general.     

Under newly added subsection (b)(2) of the statute, companies that are required to notify Connecticut residents of a data breach must also notify the Attorney General of Connecticut no later than the time when notice is provided to the residents (which, according to subsection (b)(1), must be made without unreasonable delay, subject only to delays resulting from law enforcement investigations and a company-conducted investigation to determine the nature and scope of the incident, identify the individuals affected, or restore the reasonable integrity of the underlying data system).

Published In: Administrative Agency Updates, General Business Updates, Privacy Updates, Science, Computers & Technology Updates

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Proskauer - Privacy & Data Security | Attorney Advertising

Don't miss a thing! Build a custom news brief:

Read fresh new writing on compliance, cybersecurity, Dodd-Frank, whistleblowers, social media, hiring & firing, patent reform, the NLRB, Obamacare, the SEC…

…or whatever matters the most to you. Follow authors, firms, and topics on JD Supra.

Create your news brief now - it's free and easy »