We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP). The law requires that Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) must implement a CISP by October 1, 2017, and certify to the Connecticut Insurance … Continue Reading
On July 10, 2017, Connecticut Governor Dannel P. Malloy released Connecticut Cybersecurity Strategy, that outlines seven key principles to assist with strengthening efforts to protect the state’s cybersecurity defenses for individuals, organizations, governmental agencies and businesses in Connecticut. The seven principles set forth in the Strategy document include: Leadership Literacy Preparation Response Recovery Communication and Verification … Continue Reading
On January 17, 2017, officials in Farmington, Connecticut disclosed that the town was recently the victim of a multi-million dollar theft likely perpetrated by sophisticated cybercriminals operating in China. The thieves intercepted a $2 million dollar Automated Clearing House (ACH) transfer that was intended as payment to a local company for work on a large … Continue Reading
Governor Bruce Rauner signed several new provisions into law amending Illinois’ Personal Information Privacy Act, including health insurance and medical information into the definition of personal information that triggers notification in the event of a breach. Health insurance information under the law includes an individual’s health insurance policy number or subscriber identification number as well … Continue Reading
Skimming continues to be a problem for ATM machines and law enforcement continues to try to combat the problem. Skimming devices are attached to credit and debit card and ATM machines in order to intercept debit and credit card information and PIN numbers as they are being entered by an individual. The skimmers then re-encode … Continue Reading
The controversy over what is a “computer crime” under the Computer Fraud and Abuse Act (CFAA) is now settled for New York, Connecticut, and Vermont. In a case we have been watching on the blog for months, United States v. Valle, the Second Circuit held that the CFAA should be read narrowly. The Court summarized … Continue Reading
On March 13, 2015, the Connecticut Attorney General’s Office announced that it has created a privacy and data security department to focus on data breach and consumer privacy investigations and litigation. Attorney General George Jepsen said, When I took office in January 2011, it became immediately clear that data privacy and security were growing concerns … Continue Reading
