ARTICLE
26 July 2021

Connecticut Enacts New Cybersecurity Safe Harbor

SM
Sheppard, Mullin, Richter & Hampton LLP

Contributor

Sheppard, Mullin, Richter & Hampton LLP logo
Businesses turn to Sheppard to deliver sophisticated counsel to help clients move ahead. With more than 1,200 lawyers located in 16 offices worldwide, our client-centered approach is grounded in nearly a century of building enduring relationships on trust and collaboration. Our broad and diversified practices serve global clients—from startups to Fortune 500 companies—at every stage of the business cycle, including high-stakes litigation, complex transactions, sophisticated financings and regulatory issues. With leading edge technologies and innovation behind our team, we pride ourselves on being a strategic partner to our clients.
Explore Firm Details
Connecticut recently enacted cybersecurity legislation that provides a safe harbor for businesses that implement a written cybersecurity program.
United States Connecticut Technology
Elfin L. Noce
Your Author LinkedIn Connections
Sheppard, Mullin, Richter & Hampton LLP are most popular:
  • within Cannabis & Hemp topic(s)

Connecticut recently enacted cybersecurity legislation that provides a safe harbor for businesses that implement a written cybersecurity program. Under the legislation, set to go in effect on October 1, 2021, punitive damages will not be assessed on a business that has suffered a data breach, in the event that there are causes of action alleging a failure to implement reasonable cybersecurity controls, which failure resulted in the breach.

To take advantage of this safe harbor, businesses must implement a written cybersecurity program which contains administrative, technical and physical safeguards that conforms to an industry recognized cybersecurity framework. The recognized frameworks include NIST SP 800-171, NIST SP 800-53, and the ISO/IEC 27000-series. Businesses regulated by HIPAA/HITECH or GLBA may also meet the safe harbor cybersecurity requirements by conforming to the applicable regulatory requirements.

Putting it Into Practice: Businesses operating in Connecticut should review their cybersecurity program and consider implementing any additional measures, to the extent necessary, to take advantage of this new safe harbor.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.

[View Source]
Authors
Photo of Elfin L. Noce
Elfin L. Noce
Your Author LinkedIn Connections
See More Popular Content From

Mondaq uses cookies on this website. By using our website you agree to our use of cookies as set out in our Privacy Policy.

Learn More