Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs.
Continue Reading
Connecticut
Senate Commerce Committee Members Rumored to be Discussing Online Privacy Bill
Posted on
On August 29, 2018, Bloomberg Law reported that four Senate Commerce Committee members are said to be discussing a potential online privacy bill. …
Continue Reading
Target and State Attorneys General Resolve Investigation with Largest Multi-State Breach Settlement to Date
Posted on
On May 23, 2017, Target reached a settlement with the Attorneys’ General of 47 states and the District of Columbia to resolve the states’ investigation of Target’s 2013 data breach.…
Continue Reading
Adobe Settles Multistate Data Breach Enforcement Action
Posted on
On November 7, 2016, Adobe Systems Inc. entered into an assurance of voluntary compliance with 15 state Attorneys General to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers. …
Continue Reading
Connecticut Passes New Data Protection Measures into Law
Posted on
On July 1, 2015, Connecticut’s governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state’s data breach notification law and imposes certain data security requirements on health insurers and state contractors.…
Continue Reading
FTC Proposes Settlement with Two Companies Over False Safe Harbor Certification Claims
Posted on
The Federal Trade Commission announced proposed settlements with two companies related to charges that they falsely claimed they were compliant with the U.S.-EU and U.S.-Swiss Safe Harbor Frameworks.…
Continue Reading
Connecticut Governor Signs Pharmacy Reward Program Authorization Bill into Law
Posted on
Posted in Health Privacy, U.S. State Law
On June 12, 2014, Connecticut Governor Dannel Malloy signed a bill that may require retailers to modify their existing HIPAA authorizations for pharmacy reward programs. The new law takes effect July 1, 2014.…
Continue Reading
Google Enters into Multi-State Wi-Fi Settlement
Posted on
On March 12, 2013, Connecticut Attorney General George Jepsen announced that a coalition of 38 states had entered into a $7 million settlement with Google Inc. (“Google”) regarding its collection of unsecured Wi-Fi data via the company’s Street View vehicles between 2008 and 2010. The settlement is the culmination of a multi-year investigation by the states that we first reported on in 2010.
…
Continue Reading
Connecticut Amends State Breach Law Amid Introduction of Federal Breach Notification Legislation
Posted on
On June 15, 2012, Connecticut Governor Dannel Malloy approved amendments to the state’s breach notification law requiring businesses to notify the state Attorney General in the event of a data security breach. One week later, Senator Pat Toomey (R-PA) introduced the Data Security and Breach Notification Act of 2012 in an effort to create a national breach notification standard.…
Continue Reading
Connecticut AG Announces Agreement with MetLife over 2009 Breach Incident
Posted on
On January 24, 2011, Connecticut Attorney General George Jepsen announced that MetLife had agreed to pay $10,000 and implement or enhance its data protection policies and procedures in response to a November 2009 disclosure of customer personal information on the Internet.…
Continue Reading