On June 15, 2012, Connecticut Governor Dan Malloy signed Connecticut House Bill 6001; it includes amendments to the Connecticut General Statute §36a-701b, a.k.a. Security Breach Law.
The most significant amendment to the Security Breach Law has added a requirement of reporting breaches to the Connecticut Attorney General, in addition to notifying Connecticut residents of the data breach. The updated statue will become effective on October 1, 2012 and the Attorney General can be notified of the security breach via email at firstname.lastname@example.org, as stated in the Attorney General’s Press Release. Failure to notify the Office of Attorney General could constitute a CUTPA violation.
Connecticut Unfair Trade Practices Act, or CUPTA, defined as, quote:
The Connecticut Unfair Trade Practices Act (CUTPA) allows the Commissioner of Consumer Protection to legally pursue persons or businesses who have used unfair or deceptive trade practices with consumers. It grants the court the discretion to award punitive damages, costs, and reasonable attorney’s fees, as well as other relief such as an injunction, which the court determines.
Businesses covered by the Connecticut breach notification law should ensure that they add Attorney General reporting to their breach response procedures.