New Data Breach Law in Connecticut

Connecticut enacted a Data Breach Law on October 1, 2012 which requires certain businesses that have suffered a security breach of computerized data to notify the Office of the Attorney General as well as affected state residents.

In the past, Connecticut law required that affected state residents be notified, but without a requirement to notify the Office of the Attorney General, enforcement was difficult. Data breaches can now be reported here.

Currently, all but 4 states (Alabama, Kentucky, New Mexico, South Dakota) have a data breach notification law of some sort. Although data breach notification laws may be similar, compliance requirements do tend to differ and some laws are more strict than others. Net Security has an interesting Compliance Heat Map outlining the ‘strictness’ of data breach laws and penalties for breaches.