Connecticut businesses must take reasonable steps to keep their electronic and digital data secure. Failing to do so could lead to a data security breach. That, in turn, may spell significant legal liability for a company. Adopting policies and procedures to protect data and manage breaches is a crucial step for Connecticut companies. This is where having a knowledgeable Connecticut business attorney is important. Aeton Law Partners is ready to work with your team to protect your best interests.
What Is Required Under Connecticut Law?
The coronavirus pandemic has seen a major uptick in computer and cybersecurity breaches. Thieves and scammers, eager to exploit the public’s focus on the virus, have essentially waged war on companies’ data. Attacks have skyrocketed since 2020, with small and medium-sized businesses especially vulnerable. Stolen information can lead to identity theft and economic losses that could soar to astronomical levels.
In response to this crisis, the state of Connecticut has enacted two major legal measures. It is essential that any company operating in Connecticut know about Public Acts 21-59 and 21-119.
Public Act 21-59 broadens the definition of personal information that companies must report if there’s been a breach. Unauthorized access to the following data may trigger a reporting requirement:
- Social security number
- Driver’s license number
- Vehicle financial account information
- Medical information and health insurance policy data
- Fingerprints, voice, and eye retinal data
- Online account login credentials (e.g. username, email address, and password)
- Passport, military ID, and government ID numbers
- Individual taxpayer ID numbers
- Identity protection personal identification numbers issued by the IRS
A company must report a breach within 60 days. This is a shortened time frame, but best practices are to report such breaches as early as possible. Your company should partner with a Connecticut business law attorney to handle any sort of breach.
Meanwhile, Public Act 21-119 provides some legal protection if a company adopts strong cybersecurity safeguards. More specifically, a company may be shielded from punitive damages in the event of a breach. But the business must adopt industry-recognized cybersecurity protocols. A company wanting to maximize cybersecurity should follow measures set forth by the National Institute of Standards and Technology. Some have called their policies the “golden standard” of cybersecurity frameworks.
Steps Your Business Should Take
Working with an attorney, here are some key procedures and policies your business should have regarding cybersecurity:
- Creating and enforcing an acceptable use policy for employees handling sensitive information
- Drafting an information security document that details the company plan for protecting data
- Having an emergency plan for how to secure data if something catastrophic like a natural disaster occurs
- Maintaining cybersecurity in the event of an interruption to business (e.g. pandemic-related closures)
- Training your employees on how to spot and report cybersecurity threats and breaches
- Identifying and correcting risks that arise when doing business with third-party contractors and vendors
- Implementing an incident response plan for how to properly report and remedy a breach
- Placing key individuals in charge of cybersecurity, with specific tasks delegated to them
Cybersecurity is a technical area requiring input from data and IT professionals. But it is strongly recommended that an attorney partner with your IT team. A lawyer will understand the necessary security requirements imposed by law. An attorney can therefore check your company’s policies against applicable legal obligations. Partnering with a Connecticut business lawyer, your company can be best positioned to prevent and manage cyberattacks.
Working With Your Company to Secure Its Future
Failure to prevent cyberattacks may open the door to lawsuits, fines, and public repercussions. Your business may not have experienced a cybersecurity breach yet. But the odds are strong that sooner or later, one will come around. Cybersecurity doesn’t have to be expensive, and you simply cannot afford to overlook it. Give Aeton Law Partners a call today to learn more.