New Connecticut law creates business obligations after data breach
The Connecticut legislature recently passed a law mandating that businesses provide specific remedies for affected Connecticut residents when a data breach occurs (Public Act No. 15-142). This is a good opportunity to notify your commercial insureds about the law and to verify that any cyber coverage they have would be sufficient to meet this new obligation. It's also a good time to verify that your own data handling meets the law's requirements.
New Connecticut law requires businesses to offer identity theft protection services after a data breach
"Beginning October 1, 2015, companies doing business in the state (even if they have no physical location in the state) that experience a data breach affecting a Connecticut resident must offer that individual free identity-theft prevention services and, if applicable, identity theft mitigation services for at least one year. The breach must include the resident’s name and Social Security number (SSN)."
National Law Review
New Connecticut Law Protects Your Identity After a Data Breach
"The statute also requires all companies who hold personal confidential information to protect that information in specific ways. For example, companies must maintain the confidential data in a secure server, on secure drives, behind firewall protections and monitored by intrusion detection software, and in a manner which restricts access to authorized personnel only. Encryption of all personal information is mandatory."
- Lisa Johnson