On June 2 and June 5, 2023, the Connecticut and Nevada state legislatures, respectively, voted in favor of sending legislation to their governors for signature that would impose restrictions, among others, on the processing of consumer health data, including geofencing provisions. Nevada S.B. 370 was signed by Nevada Governor Joe Lombardo on June 16, 2023.
Continue Reading Connecticut and Nevada Legislatures Pass Health Data Laws

On October 13, 2022, the Interactive Advertising Bureau released for public comment an updated version of its contractual framework and new U.S. State Signals specifications to help the digital advertising industry comply with the comprehensive state privacy laws of California, Virginia, Colorado, Utah and Connecticut.
Continue Reading IAB Releases for Public Comment Proposed Contractual Framework and U.S. State Signals Specifications for Compliance with Five States’ Privacy Laws

On October 1, 2021, Connecticut’s two new data security laws went into effect. The new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program.
Continue Reading UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect

Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs.
Continue Reading Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches

On May 23, 2017, Target reached a settlement with the Attorneys’ General of 47 states and the District of Columbia to resolve the states’ investigation of Target’s 2013 data breach.
Continue Reading Target and State Attorneys General Resolve Investigation with Largest Multi-State Breach Settlement to Date