On October 13, 2022, the Interactive Advertising Bureau released for public comment an updated version of its contractual framework and new U.S. State Signals specifications to help the digital advertising industry comply with the comprehensive state privacy laws of California, Virginia, Colorado, Utah and Connecticut.
Continue Reading IAB Releases for Public Comment Proposed Contractual Framework and U.S. State Signals Specifications for Compliance with Five States’ Privacy Laws

On October 1, 2021, Connecticut’s two new data security laws went into effect. The new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program.
Continue Reading UPDATE: New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Are Now in Effect

Connecticut recently passed two cybersecurity laws that will become effective on October 1, 2021. The newly passed laws modify Connecticut’s existing breach notification requirements and establish a safe harbor for businesses that create and maintain a written cybersecurity program that complies with applicable state or federal law or industry-recognized security frameworks.
Continue Reading New Connecticut Breach Notification Requirements and Cybersecurity Safe Harbor Effective October 2021

Effective October 1, 2018, Connecticut law requires organizations that experience a security breach affecting Connecticut residents’ Social Security numbers to provide 24 months of credit monitoring to affected individuals. Previously, Connecticut law required entities to provide 12 months of credit monitoring for breaches affecting SSNs.
Continue Reading Connecticut Requires 24 Months of Credit Monitoring for Certain Security Breaches

On May 23, 2017, Target reached a settlement with the Attorneys’ General of 47 states and the District of Columbia to resolve the states’ investigation of Target’s 2013 data breach.
Continue Reading Target and State Attorneys General Resolve Investigation with Largest Multi-State Breach Settlement to Date

On November 7, 2016, Adobe Systems Inc. entered into an assurance of voluntary compliance with 15 state Attorneys General to settle allegations that the company lacked proper measures to protect its systems from a 2013 cyber attack that resulted in the theft of the personal information of millions of customers.
Continue Reading Adobe Settles Multistate Data Breach Enforcement Action

On July 1, 2015, Connecticut’s governor signed into law Public Act No. 15-142, An Act Improving Data Security and Agency Effectiveness, that amends and updates the state’s data breach notification law and imposes certain data security requirements on health insurers and state contractors.
Continue Reading Connecticut Passes New Data Protection Measures into Law