To Avoid Punitive Damages for a Data Breach in Connecticut, You Need to Try

Fox Rothschild LLP

Fox Rothschild LLP

In Connecticut, if you adopt and maintain and comply with written cybersecurity program that contains administrative, technical and physical safeguards for the protection of personal or restricted information and that conforms to an industry recognized cybersecurity framework then you will not be subject to punitive damages in court against any cause of action founded in tort that alleges that the failure to implement reasonable cybersecurity controls resulted in a data breach.

Industry recognized cybersecurity frameworks are:

(1) General:

  • NIST special publication 800-171;
  • NIST special publications 800-53 and 800-53a;
  • FedRAMP
  • CIS Critical Security Controls for Effective Cyber Defense (Top 20)
  • “ISO/IEC 27000-series

(2) Controls mandated by law such as: HIPAA, GLBA, FISMA etc.


The program must be designed to:

(A) Protect the security and confidentiality of information;

(B) protect against any threats or hazards to the security or integrity of information; (C) protect against unauthorized access to and acquisition of information that would result in a material risk of identity theft or other fraud to the individual to whom the information relates.

The scale and scope of a covered entity’s cybersecurity program shall be based on:

(A) The size and complexity of the covered entity;

(B) the nature and scope of the activities of the covered entity;

(C) the sensitivity of the information to be protected; and

(D) the cost and availability of tools to improve information security and reduce vulnerabilities.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.