Please do not leave this page until complete. This can take a few moments.
A bill shielding Connecticut businesses from liability for data breaches as long as they adopt and maintain approved cybersecurity protocols is now law, having come into effect Oct. 1.
Gov. Ned Lamont in July signed HB 6607, legislation designed to incentivize companies to strengthen their network defenses with the promise of protection against certain lawsuits. Provided businesses adopt an industry-recognized cybersecurity framework, like those promulgated by the National Institute of Standards and Technology, they would not be ordered to pay punitive damages for a data breach resulting in the exposure of personal information.
Lamont has also pledged an $11 million investment to support the state’s enhanced cybersecurity efforts.
The bill came months after Lamont announced the launch of a year-long process of building a new information technology organization within state government designed to centralize the coordination of the state’s IT resources by the Department of Administrative Services.
That initiative included the creation of the state’s first Chief Information Security Officer, a role filled by Jeff Brown.
Backers in the General Assembly and from the state’s business community had framed the bill as a legal carrot to move companies closer to implementing comprehensive cybersecurity safeguards.
The issue has taken on renewed importance in the last few months, as criminals based mainly in Russia and Eastern Europe have extorted millions from U.S. companies for the safe return of scrambled or stolen records.
One recent attack, on Wisconsin-based Applus Technologies, stopped motor vehicle emissions testing in Connecticut and seven other states that use the company’s software to carry out the mandatory inspections. The service was disabled in late March and came back online one month later.
To qualify for legal protection under the new law, employers must adopt a cybersecurity framework from a reputable entity, such as the National Institute of Standards and Technology, the Federal Risk and Authorization Management Program or the Center for Internet Security, among others. Companies must keep up to date with changes and revisions to those programs, bringing their own plans into compliance within six months.
The Hartford Business Journal 2025 Charity Event Guide is the annual resource publication highlighting the top charity events in 2025.
Learn moreHartford Business Journal provides the top coverage of news, trends, data, politics and personalities of the area’s business community. Get the news and information you need from the award-winning writers at HBJ. Don’t miss out - subscribe today.
SubscribeDelivering Vital Marketplace Content and Context to Senior Decision Makers Throughout Greater Hartford and the State ... All Year Long!
Read HereThe Hartford Business Journal 2025 Charity Event Guide is the annual resource publication highlighting the top charity events in 2025.
Hartford Business Journal provides the top coverage of news, trends, data, politics and personalities of the area’s business community. Get the news and information you need from the award-winning writers at HBJ. Don’t miss out - subscribe today.
Delivering Vital Marketplace Content and Context to Senior Decision Makers Throughout Greater Hartford and the State ... All Year Long!
In order to use this feature, we need some information from you. You can also login or register for a free account.
By clicking submit you are agreeing to our cookie usage and Privacy Policy
Already have an account? Login
Already have an account? Login
Want to create an account? Register
In order to use this feature, we need some information from you. You can also login or register for a free account.
By clicking submit you are agreeing to our cookie usage and Privacy Policy
Already have an account? Login
Already have an account? Login
Want to create an account? Register
This website uses cookies to ensure you get the best experience on our website. Our privacy policy
To ensure the best experience on our website, articles cannot be read without allowing cookies. Please allow cookies to continue reading. Our privacy policy
0 Comments