New Connecticut Data Breach Law Takes Effect October 1
OAG establishes dedicated email for security breach reporting
Beginning in two weeks, Connecticut state law will require certain businesses that experience a breach of security involving computerized data to provide notice to the Office of the Attorney General (OAG) in addition to state residents who may be affected. To assist business owners in complying with the reporting requirement, Attorney General George Jepsen announced today that the OAG has established a dedicated email for companies to use when they report a breach.
“Existing state law directs my office to enforce requirements that companies notify state residents whose personal information may be compromised by a data breach,” said Attorney General Jepsen. “However, the law made no requirement that my office be notified, making enforcement difficult. That will change beginning October 1, and I want to ensure that the process for a business owner to report a data breach is as easy as possible.”
The new email address, firstname.lastname@example.org
, will be monitored by the Attorney General’s Privacy Task Force. A link to the email address and a Web page detailing the new law’s requirements will go live on the attorney general’s Web site, www.ct.gov/ag
, when the law takes effect on Oct. 1.
Connecticut law generally requires anyone who conducts business in Connecticut and who – in the ordinary course of business – owns, licenses or maintains computerized data that includes personal information to disclose a security breach without unreasonable delay to state residents whose personal information is believed to have been compromised. Failure to provide such notice could be considered a violation of the Connecticut Unfair Trade Practices Act (CUTPA).
The new law requires that the attorney general also be notified no later than when the affected residents are notified. Failure to notify the OAG could constitute a CUTPA violation as well.
Attorney General Jepsen created the Privacy Task Force last year, and it is responsible for all of the office’s investigations of consumer privacy breaches. Assistant Attorney General Matthew Fitzsimmons, head of the Privacy Task Force, is assisting the Attorney General with this matter.
Jaclyn M. Falkowski