It has become standard operating procedure for companies to offer some form of credit monitoring services to individuals affected by a data breach, but the length of time and services provided often vary. Concerned states, including Connecticut, are now imposing requirements on businesses that suffer a data breach.
Beginning October 1, 2015, companies doing business in the state (even if they have no physical location in the state) that experience a data breach affecting a Connecticut resident must offer that individual free identity-theft prevention services and, if applicable, identity theft mitigation services for at least one year. The breach must include the resident's name and Social Security number (SSN).
Companies that maintain cyber insurance policies which cover breaches of personal information may find that those policies will cover the cost of similar services. Of course, these companies should work with their brokers and other counsel to ensure the policies would be sufficient to cover the insured's obligations under this change in Connecticut's law. Companies without insurance may want to consider whether an insurance or similar product would be needed to address this and similar law changes making data breach response increasingly more expensive.
Continue Reading for Free
Register and gain access to:
- Breaking insurance news and analysis, on-site and via our newsletters and custom alerts
- Weekly Insurance Speak podcast featuring exclusive interviews with industry leaders
- Educational webcasts, white papers, and ebooks from industry thought leaders
- Critical converage of the employee benefits and financial advisory markets on our other ALM sites, BenefitsPRO and ThinkAdvisor
Already have an account? Sign In Now
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
