Beginning in two weeks, Connecticut state law will require certain businesses that experience a breach of security involving computerized data to immediately notify the state attorney general's office.
To aid businesses in complying with the Oct. 1 reporting requirement, Attorney General George Jepsen announced Tuesday that his office has set up a dedicated email for companies to use when they report a breach.
Connecticut law generally requires anyone who conducts business in Connecticut and who – in the ordinary course of business – owns, licenses or maintains computerized data that includes personal information to disclose a security breach without unreasonable delay to state residents whose personal information is believed to have been compromised. Failure to provide such notice could be considered a violation of the Connecticut Unfair Trade Practices Act (CUTPA).
The new law requires that the attorney general also be notified no later than when the affected residents are notified. Failure to do so is a violation as well, Jepsen said.
The new email address, firstname.lastname@example.org, will be monitored by the Attorney General's Privacy Task Force.
A link to the email address and a Web page detailing the new law's requirements will go live on the attorney general's Web site, www.ct.gov/ag, when the law takes effect on Oct. 1.