Connecticut’s data breach notification statute has been broadened, imposing additional reporting parameters for companies that leave consumer data exposed to bad actors or accidental sharing.
The expanded law—which takes effect Oct. 1—adds categories of data to the definition of “personal information” and shortens the amount of time a company has to notify residents of a breach to 60 days, among other requirements.
“These updates are indicative of the direction states are going with data breach notification statutes,” said Ben Wanger, counsel at Baker & Hostetler LLP in Philadelphia. “There’s a desire to get companies to report on these incidents sooner ...