New Law Requires Companies To Notify Attorney General In Case Of A Consumer Data Breach

by Categorized: Connecticut, Government Tagged: , Date:

It happens frequently enough, a laptop gets stolen, or a company’s data is hacked and suddenly hundreds of consumers private information is out in the wild.

In those cases, companies are required to notify the consumers that the incident happened. A new law that took effect on October 1, 2012 will require those companies to simultaneously notify the Office of the Attorney General for the State of Connecticut.

“Existing state law directs my office to enforce requirements that companies notify state residents whose personal information may be compromised by a data breach,” said Attorney General Jepsen in a press release. “However, the law made no requirement that my office be notified, making enforcement difficult. That will change beginning October 1, and I want to ensure that the process for a business owner to report a data breach is as easy as possible.”

Current law requires businesses to notify customers “without unreasonable delay.” Companies that fail to notify customers can be cited under the Connecticut Unfair Trade Practices Act (CUTPA). Companies that do not contact the Attorney General can be prosecuted under CUTPA as well.

Comanies can use a new email address, The email will be monitored by the Attorney General’s Privacy Task Force. Both the email address and a web page with the new law’s requirements are available  on the attorney general’s Web site,

Have you ever had information lost by a company? What happened?


Photo by Adam Berry/Getty Images

The Courant is using Facebook comments on stories. To comment on articles, sign into Facebook and enter your comment in the field below. Comments will appear in your Facebook News Feed unless you choose otherwise. To report spam or abuse, click the X next to the comment. For guidelines on commenting, click here.