Conn. AG touts new data breach law
HARTFORD, Conn. (Legal Newsline) - Connecticut Attorney General George Jepsen announced a new state law on Tuesday requiring businesses with data breaches to provide notice to the attorney general's office and affected consumers.
The new law, which will take effect on Oct. 1, requires that the attorney general be notified no later than when affected residents are notified. Failure to notify could constitute a Connecticut Unfair Trade Practice Act violation.
"Existing state law directs my office to enforce requirements that companies notify state residents whose personal information may be compromised by a data breach," Jepsen said. "However, the law made no requirement that my office be notified, making enforcement difficult. That will change beginning Oct. 1, and I want to ensure that the process for a business owner to report a data breach is as easy as possible."
Prior state law required anyone conducting business in the state who, in the ordinary course of business, owns, licenses or maintains computerized data that includes personal information to disclose security breaches without unreasonable delay. Failure to notify could constitute a CUPTA violent.
To facilitate notification, Jepsen's Privacy Task Force will monitor a new email address, firstname.lastname@example.org, starting in October.
The Privacy Task Force was created last year and tasked with the responsibility of looking into consumer privacy breaches