What is legally required when a CT business suffers a data breach?
Connecticut’s Public Act No. 15-142 requires any business in the state of Connecticut (even those with no physical location) who have discovered, or have a reason to believe, they have a data breach of any certain personal information, to offer the affected individuals free identity theft prevention service and if applicable, identity theft mitigation service at no cost to those individuals for a minimum of 12 months.
This act requires notification to the individual without unreasonable delay but no later than 90 days after the discovery of the breach and must advise the individual how to enroll in the services and how to place a credit freeze on their credit file.
The business is also required to notify the Connecticut Attorney General’s Office no later than when notice is given to the resident.
As you might imagine, this can get pretty expensive, pretty quickly. It is in your company's best interest to purchase a cyber liability policy to protect you from the costs associated with a data breach. Please call Tim Russell to discuss protecting your business, 888.962.3564.