Connecticut May Become First State To Require Identity Theft Protection

B
BakerHostetler

Contributor

BakerHostetler logo
Recognized as one of the top firms for client service, BakerHostetler is a leading national law firm that helps clients around the world address their most complex and critical business and regulatory issues. With five core national practice groups — Business, Labor and Employment, Intellectual Property, Litigation, and Tax — the firm has more than 970 lawyers located in 14 offices coast to coast. BakerHostetler is widely regarded as having one of the country’s top 10 tax practices, a nationally recognized litigation practice, an award-winning data privacy practice and an industry-leading business practice. The firm is also recognized internationally for its groundbreaking work recovering more than $13 billion in the Madoff Recovery Initiative, representing the SIPA Trustee for the liquidation of Bernard L. Madoff Investment Securities LLC. Visit bakerlaw.com
The law would also require businesses to notify affected Connecticut residents and the Connecticut attorney general within 90 days of discovery of a breach.
United States Privacy

A bill currently before Connecticut Governor Dannel P. Malloy would make the state the first in the nation to require identity theft protection for data breach victims. Senate Bill 949 was approved by both the Connecticut Senate and House on June 1, 2015. If passed, it would amend existing state law to require companies to provide at least one year of free identity theft protection to victims of data breaches involving personal information. The law does not explicitly state the type of protections businesses must offer. Connecticut Attorney General George Jepsen has stated he will continue to seek up to two years of identity theft protection for breaches of "highly sensitive information," including Social Security numbers.

The law would also require businesses to notify affected Connecticut residents and the Connecticut attorney general within 90 days of discovery of a breach. This would clarify the existing law, which requires companies to notify victims only "without unreasonable delay." This would make Connecticut only one of six states (the others being Florida, Iowa, Louisiana, Vermont, and Washington) to explicitly state a time period for breach notification.

If passed, the law would go into effect October 1, 2015. Connecticut would be the fifth state to make significant changes to its data breach notification laws this year, following Montana, Nevada, North Dakota, and Washington.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More