New Connecticut law nudges businesses to adopt cybersecurity controls

July 6, 2021

Connecticut Gov. Ned Lamont on Tuesday signed legislation making the state the third to offer businesses a safe harbor on data security if they implement one of several sets of cybersecurity controls.

The Cybersecurity Standards Act stipulates that companies operating in Connecticut won’t receive “punitive damages” from state courts if they suffer a breach exposing residents’ personally identifiable information — including names, addresses, Social Security numbers, medical records and financial information — if they have a written cybersecurity policy that follows a recognized cybersecurity framework.