It happens frequently enough, a laptop gets stolen, or a company’s data is hacked and suddenly hundreds of consumers private information is out in the wild.
In those cases, companies are required to notify the consumers that the incident happened. A new law that took effect on October 1, 2012 will require those companies to simultaneously notify the Office of the Attorney General for the State of Connecticut.
“Existing state law directs my office to enforce requirements that companies notify state residents whose personal information may be compromised by a data breach,” said Attorney General Jepsen in a press release. “However, the law made no requirement that my office be notified, making enforcement difficult. That will change beginning October 1, and I want to ensure that the process for a business owner to report a data breach is as easy as possible.”
Current law requires businesses to notify customers “without unreasonable delay.” Companies that fail to notify customers can be cited under the Connecticut Unfair Trade Practices Act (CUTPA). Companies that do not contact the Attorney General can be prosecuted under CUTPA as well.
Comanies can use a new email address, firstname.lastname@example.org. The email will be monitored by the Attorney General’s Privacy Task Force. Both the email address and a web page with the new law’s requirements are available on the attorney general’s Web site, www.ct.gov/ag.
Have you ever had information lost by a company? What happened?
Photo by Adam Berry/Getty Images