Connecticut Provides Defense Against Data Breach Claims

Effective October 1, 2021, covered entities in Connecticut shall not be liable for punitive damages for alleged failure to implement reasonable cybersecurity controls if they created, maintained and complied with a written cybersecurity program that contains administrative, technical and physical safeguards to protect PI and restricted information, and conforms to industry recognized frameworks (i.e., NIST, ISO); where applicable, revisions to state and federal cybersecurity provisions and the PCI DSS must be adhered to within 6 months of the publication of such revision.

 

Total
0
Shares
Previous Post

Health care organizations struggle to balance breach notification requirements with customer expectations

Next Post

Colorado Becomes Third State to Enact Omnibus Privacy Act

Related Posts
Total
0
Share
en_USEN