United States:
Connecticut Enacts New Cybersecurity Safe Harbor
To print this article, all you need is to be registered or login on Mondaq.com.
Connecticut recently enacted cybersecurity legislation that provides a
safe harbor for businesses that implement a written cybersecurity
program. Under the legislation, set to go in effect on October 1,
2021, punitive damages will not be assessed on a business that has
suffered a data breach, in the event that there are causes of
action alleging a failure to implement reasonable cybersecurity
controls, which failure resulted in the breach.
To take advantage of this safe harbor, businesses must implement
a written cybersecurity program which contains administrative,
technical and physical safeguards that conforms to an industry
recognized cybersecurity framework. The recognized frameworks
include NIST SP 800-171, NIST SP 800-53, and the ISO/IEC
27000-series. Businesses regulated by HIPAA/HITECH or GLBA may also
meet the safe harbor cybersecurity requirements by conforming to
the applicable regulatory requirements.
Putting it Into Practice: Businesses operating in
Connecticut should review their cybersecurity program and consider
implementing any additional measures, to the extent necessary, to
take advantage of this new safe harbor.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.
POPULAR ARTICLES ON: Technology from United States