It has become standard operating procedure for companies to offer some form of credit monitoring services to individuals affected by a data breach, but the length of time and services provided often vary. Concerned states, including Connecticut, are now imposing requirements on businesses that suffer a data breach.
Beginning October 1, 2015, companies doing business in the state (even if they have no physical location in the state) that experience a data breach affecting a Connecticut resident must offer that individual free identity-theft prevention services and, if applicable, identity theft mitigation services for at least one year. The breach must include the resident's name and Social Security number (SSN).
Companies that maintain cyber insurance policies which cover breaches of personal information may find that those policies will cover the cost of similar services. Of course, these companies should work with their brokers and other counsel to ensure the policies would be sufficient to cover the insured's obligations under this change in Connecticut's law. Companies without insurance may want to consider whether an insurance or similar product would be needed to address this and similar law changes making data breach response increasingly more expensive.
Want to continue reading?
Become a Free PropertyCasualty360 Digital Reader
Your access to unlimited PropertyCasualty360 content isn’t changing.
Once you are an ALM digital member, you’ll receive:
- All PropertyCasualty360.com news coverage, best practices, and in-depth analysis.
- Educational webcasts, resources from industry leaders, and informative newsletters.
- Other award-winning websites including BenefitsPRO.com and ThinkAdvisor.com.
Already have an account? Sign In
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.