On October 1, 2021, Connecticut’s two new data security laws become effective. As we previously reported, the new laws modify Connecticut’s existing breach notification requirements and establish a safe harbor from certain Connecticut Superior Court assessed damages for businesses that create and maintain a written cybersecurity program.

With the breach law amendments, Connecticut joins a number of other states in expanding the definition of “personal information” in its data breach notification statute. In addition, Connecticut joins Ohio and Utah as the third state to enact a cybersecurity safe harbor statute.