Connecticut Enacts New Cybersecurity Safe Harbor
Thursday, July 22, 2021

Connecticut recently enacted cybersecurity legislation that provides a safe harbor for businesses that implement a written cybersecurity program. Under the legislation, set to go in effect on October 1, 2021, punitive damages will not be assessed on a business that has suffered a data breach, in the event that there are causes of action alleging a failure to implement reasonable cybersecurity controls, which failure resulted in the breach.

To take advantage of this safe harbor, businesses must implement a written cybersecurity program containing administrative, technical, and physical safeguards that conforms to an industry recognized cybersecurity framework. The recognized frameworks include NIST SP 800-171, NIST SP 800-53, and the ISO/IEC 27000-series. Businesses regulated by HIPAA/HITECH or GLBA may also meet the safe harbor cybersecurity requirements by conforming to the applicable regulatory requirements.

Putting it Into Practice: Businesses operating in Connecticut should review their cybersecurity program and consider implementing any additional measures, to the extent necessary, to take advantage of this new safe harbor. 

 

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins