Connecticut’s data breach notification statute has been broadened, imposing additional reporting parameters for companies that leave consumer data exposed to bad actors or accidental sharing.
The expanded law—which takes effect Oct. 1—adds categories of data to the definition of “personal information” and shortens the amount of time a company has to notify residents of a breach to 60 days, among other requirements.
“These updates are indicative of the direction states are going with data breach notification statutes,” said Ben Wanger, counsel at Baker & Hostetler LLP in Philadelphia. “There’s a desire to get companies to report on these incidents sooner ...
Learn more about Bloomberg Law or Log In to keep reading:
See Breaking News in Context
Bloomberg Law provides trusted coverage of current events enhanced with legal analysis.
Already a subscriber?
Log in to keep reading or access research tools and resources.