Following in the footsteps of the New York Department of Financial Regulation (NYDFS) in enacting cybersecurity requirements for the financial services industry, and in response to massive data breaches in the insurance industry, a wave of states have either enacted or are pursuing legislation aimed at regulating the cybersecurity measures of insurance companies. In 2017, … Continue Reading
Last week, two Senators, Senator Edward J. Markey of Massachusetts and Senator Richard Blumenthal of Connecticut sent a letter to the Federal Trade Commission (FTC) regarding apps designed for children and whether they are in compliance with the Children’s Online Privacy Protection Act (COPPA), See 15 U.S.C. 6501 and regulations at 16 C.F.R. Part 312 … Continue Reading
Add Connecticut, Ohio and Vermont to the list of states passing legislation focused on the potential disruptive impact of blockchain – the technology underlying cryptocurrencies such as Bitcoin. As federal regulators continue to monitor and offer guidance in the cryptocurrency space, with particular focus on Initial Coin Offerings (ICOs), state legislatures around the country are … Continue Reading
On June 27, 2018, the State of Connecticut Treasurer’s Office announced that about $1.4 million had been stolen from Connecticut Higher Education Trust (CHET) college-savings accounts. This theft resulted from data security breaches that occurred in early June, 2018. Connecticut State Treasurer Denise L. Nappier confirmed that TIAA-CREF Tuition Financing Inc. (TIAA-CREF), the CHET Direct … Continue Reading
On June 4, 2018, Connecticut Governor Dannel P. Malloy signed into law Public Act No. 18-90 “An Act Concerning Security Freezes on Credit Reports, Identity Theft Prevention Services and Regulations of Credit Rating Agencies” (P.A. 18-90). This bill makes several revisions to Connecticut laws concerning identity theft, most notably by newly prohibiting credit reporting agencies … Continue Reading
Imagine that you are sitting in your backyard and a drone flies overhead. It hovers. The camera adjusts and looks right at you. Then it flies away. You are left wondering who is operating it and why. On a number of occasions, similar encounters with unknown drones had led to visceral (sometimes even violent) reactions … Continue Reading
In a long-awaited decision concerning the confidentiality of medical records and patient privacy, the Connecticut Supreme Court recently concluded that the physician-patient relationship establishes a duty of confidentiality to a patient in Connecticut, and that unauthorized disclosure of confidential information obtained for the purpose of treatment in the course of that relationship gives rise to … Continue Reading
The U.S. Attorney’s Office of the District of Connecticut has announced the creation of a Connecticut Cyber Task Force (“CCTF”) in partnership with the FBI, DEA, Secret Service, Homeland Security, IRS, Connecticut State Police, and 11 local police departments from throughout Connecticut as well as other federal authorities. The CCTF’s initial focus will be twofold: … Continue Reading
The Connecticut State Department of Education (DOE) recently published guidance on implementing civil rights protections for transgender students. The guidance, in part, provides information on issues related to requests that a school change a student’s education records to be consistent with their chosen name and gender identity. Notably, the guidance recognized tension that may arise … Continue Reading
We previously outlined the requirements of the Connecticut data breach law when it was amended in 2015, including the requirement to implement a comprehensive information security program (CISP). The law requires that Third Party Administrators (TPAs) and Pharmacy Benefit Managers (PBMs) must implement a CISP by October 1, 2017, and certify to the Connecticut Insurance … Continue Reading
On July 10, 2017, Connecticut Governor Dannel P. Malloy released Connecticut Cybersecurity Strategy, that outlines seven key principles to assist with strengthening efforts to protect the state’s cybersecurity defenses for individuals, organizations, governmental agencies and businesses in Connecticut. The seven principles set forth in the Strategy document include: Leadership Literacy Preparation Response Recovery Communication and Verification … Continue Reading
On January 17, 2017, officials in Farmington, Connecticut disclosed that the town was recently the victim of a multi-million dollar theft likely perpetrated by sophisticated cybercriminals operating in China. The thieves intercepted a $2 million dollar Automated Clearing House (ACH) transfer that was intended as payment to a local company for work on a large … Continue Reading
Governor Bruce Rauner signed several new provisions into law amending Illinois’ Personal Information Privacy Act, including health insurance and medical information into the definition of personal information that triggers notification in the event of a breach. Health insurance information under the law includes an individual’s health insurance policy number or subscriber identification number as well … Continue Reading
Skimming continues to be a problem for ATM machines and law enforcement continues to try to combat the problem. Skimming devices are attached to credit and debit card and ATM machines in order to intercept debit and credit card information and PIN numbers as they are being entered by an individual. The skimmers then re-encode … Continue Reading
The controversy over what is a “computer crime” under the Computer Fraud and Abuse Act (CFAA) is now settled for New York, Connecticut, and Vermont. In a case we have been watching on the blog for months, United States v. Valle, the Second Circuit held that the CFAA should be read narrowly. The Court summarized … Continue Reading
On March 13, 2015, the Connecticut Attorney General’s Office announced that it has created a privacy and data security department to focus on data breach and consumer privacy investigations and litigation. Attorney General George Jepsen said, When I took office in January 2011, it became immediately clear that data privacy and security were growing concerns … Continue Reading
