It has become standard operating procedure for companies to offer some form of credit monitoring services to individuals affected by a data breach, but the length of time and services provided often vary. Concerned states, including Connecticut, are now imposing requirements on businesses that suffer a data breach.

Beginning October 1, 2015, companies doing business in the state (even if they have no physical location there) that experience a data breach affecting a Connecticut resident must offer that individual free identity-theft prevention services and, if applicable, identity-theft mitigation services for at least one year. The requirement applies when the breach includes the resident's name and Social Security number (SSN).

Companies that maintain cyber insurance policies covering breaches of personal information may find that those policies will cover the cost of similar services. Of course, these companies should work with their brokers and other counsel to ensure the policies would be sufficient to cover the insured's obligations under this change in Connecticut's law. Companies without insurance may want to consider whether an insurance or similar product is needed to address this and similar changes in the law that are making data breach response increasingly expensive.

© 2024 ALM Global, LLC, All Rights Reserved.