Connecticut Enacts New Cybersecurity Safe Harbor – Technology – United States – Mondaq News Alerts

United States:

Connecticut Enacts New Cybersecurity Safe Harbor

To print this article, all you need is to be registered or login on

Connecticut recently enacted cybersecurity legislation that provides a
safe harbor for businesses that implement a written cybersecurity
program. Under the legislation, set to go in effect on October 1,
2021, punitive damages will not be assessed on a business that has
suffered a data breach, in the event that there are causes of
action alleging a failure to implement reasonable cybersecurity
controls, which failure resulted in the breach.

To take advantage of this safe harbor, businesses must implement
a written cybersecurity program which contains administrative,
technical and physical safeguards that conforms to an industry
recognized cybersecurity framework. The recognized frameworks
include NIST SP 800-171, NIST SP 800-53, and the ISO/IEC
27000-series. Businesses regulated by HIPAA/HITECH or GLBA may also
meet the safe harbor cybersecurity requirements by conforming to
the applicable regulatory requirements.

Putting it Into Practice: Businesses operating in
Connecticut should review their cybersecurity program and consider
implementing any additional measures, to the extent necessary, to
take advantage of this new safe harbor.

The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.

POPULAR ARTICLES ON: Technology from United States

The SEC’s Continued Focus On Cybersecurity Enforcement

Kramer Levin Naftalis & Frankel LLP

On June 14, the Securities and Exchange Commission (SEC) announced a $490,000 settlement with the real estate services provider First American Financial Corporation (First American) …


Leave a Reply

This website uses cookies. By continuing to use this site, you accept our use of cookies.