Connecticut passed a bill amending breach of security requirements. Under the bill, a person that owns, licenses or maintains computerized data that includes personal information must provide notice of the breach of security to all affected Connecticut residents within 60 days of discovering the breach of security. Previously, the notice was required to be provided within 90 days of discovering the breach of security. The bill also provides an alternate method of providing notice of a breach of security in the event the breach of security involves a user name or electronic mail address, in combination with a password or security question and answer that would permit access to an online account. In addition, the bill amends the definition of “personal information” with respect to a breach of security. The bill becomes effective October 1, 2021.
See Connecticut State Legislature website for the full text of the Statute: https://www.cga.ct.gov/2021/TOB/H/PDF/2021HB-05310-R00-HB.PDF
Click to view the full CT HB 5310 bill: https://www.tenaco.com/wp-content/uploads/2021/06/CT-HB-5310-06-18-21.pdf
