Connecticut Amends Breach Notification Law Regarding Timing and Credit Monitoring; Imposes New Data Security Requirements on Health Insurers and State Contractors
New legislation out of Hartford means that Connecticut joins Massachusetts in imposing strict state requirements for data protection. S.B. 949. Additionally, the new law amends Connecticut’s data breach notification law, making Connecticut the first in the nation to affirmatively require entities that experience a reportable data breach to offer free credit monitoring to residents affected by the breach. The legislation further imposes significant new requirements on health insurers, as well as contractors that receive confidential information from state agencies, to maintain minimum data security protections. While health insurers have until 2017 to come into full compliance, the requirements for state contractors are effective as of July 1, 2015.
