Cloud Hosting

The Privacy and Data Security Department within the Attorney Generals Office handles matters related to the protection of Connecticut residents' personal information and data. The Department enforces state laws governing notification of data breaches, safeguarding of personal information, and protection of social security numbers and other sensitive information.

In addition, this Department provides the Attorney General with advice and counsel on proposed legislation and other matters regarding privacy and data security, and it engages in extensive outreach to citizens and businesses on matters relating to data protection and privacy, according to the Attorney Generals Office.

Governor Ned Lamont signed legislation this summer, approved by the 2021 state legislature and supported by the states business community, that would protect businesses from punitive damages if personal or restricted information is improperly accessed, maintained, communicated, or processed, so long as such businesses have adopted and adhered to appropriate cybersecurity measures. It does not diminish other important legal rights and actions that individuals and businesses can take after a cyber breach, according to the Governors office.

The legislation is Public Act 21-119, An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses goes into effect on October 1, 2021.

Trust and security are at the heart of the relationship between businesses, residents, and their digital government, Mark Raymond, Connecticuts chief information officer, said when the legislation was signed into law.

Investing in cybersecurity is an expensive decision that requires a company to dedicate time, staffing, and financial resources to be successful, added Eric Gjede, vice president of government affairs for the Connecticut Business and Industry Association (CBIA). This legislation is critical for protecting our most vulnerable industries from the increasing threat of cyberattacks.

According to a 2018 CBIA survey, nearly one-quarter of Connecticut businesses experienced a data breach or cyberattack in the previous two years. And 90% of those were small businesses with less than 100 employees.

Testifying in support of the legislation earlier this year, Curtis W. Dukes, Executive Vice President & General Manager, Security Best Practices of the nonprofit Center for Internet Security, Inc., described Connecticuts approach as a creative way to protect its citizens and organizations from cyber attacks.

He added: Cybersecurity is, largely, unregulated today. There is no national statutory minimum standard of information security. This condition makes it difficult to improve cybersecurity on a wholesale basis. Until there is a national legal standard, we are in a period where organizations must voluntarily adopt cyber best practices--the Wild, Wild, West. The result: We are not as safe as we could be.

View original post here:
Cybersecurity Breaches Must Be Reported to Attorney General; New CT Law Helps Businesses Connecticut by the Numbers - Connecticut by the Numbers