Connecticut Enacts New Cybersecurity Safe Harbor

Sheppard Mullin Richter & Hampton LLP
Contact

Sheppard Mullin Richter & Hampton LLP

Connecticut recently enacted cybersecurity legislation that provides a safe harbor for businesses that implement a written cybersecurity program. Under the legislation, set to go in effect on October 1, 2021, punitive damages will not be assessed on a business that has suffered a data breach, in the event that there are causes of action alleging a failure to implement reasonable cybersecurity controls, which failure resulted in the breach.

To take advantage of this safe harbor, businesses must implement a written cybersecurity program which contains administrative, technical and physical safeguards that conforms to an industry recognized cybersecurity framework. The recognized frameworks include NIST SP 800-171, NIST SP 800-53, and the ISO/IEC 27000-series. Businesses regulated by HIPAA/HITECH or GLBA may also meet the safe harbor cybersecurity requirements by conforming to the applicable regulatory requirements.

Putting it Into Practice: Businesses operating in Connecticut should review their cybersecurity program and consider implementing any additional measures, to the extent necessary, to take advantage of this new safe harbor.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Sheppard Mullin Richter & Hampton LLP | Attorney Advertising

Written by:

Sheppard Mullin Richter & Hampton LLP
Contact
more
less

Sheppard Mullin Richter & Hampton LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.