Can I avoid having a data breach response plan in Connecticut? What are the requirements?

Data Breach Response Plan Requirements in Connecticut

Connecticut state law requires contractors who receive confidential information to implement and maintain a comprehensive data-security program for the protection of confidential information, including breach investigation procedures that are appropriate given the nature of the information disclosed and that are reasonably designed to protect the confidential information from unauthorized access, use, modification, disclosure, manipulation, or destruction ^[4.1].

According to the Personal Data Act, personal data means any information that can be readily associated with a particular person, including name, identifying number, mark, or description ^[2.1]. The Connecticut State Labor Department must disclose to individuals, upon request, the legal authority under which the agency is empowered to collect and maintain the personal data, the individual’s rights pertaining to such records under the Personal Data Act and the agency’s regulations, the known consequences arising from supplying or refusing to supply the requested personal data, and the proposed use to be made of the requested personal data ^[1.2].

The Connecticut State Labor Department will collect and maintain all records with accurateness and completeness, and personal data will not be maintained unless relevant and necessary to accomplish the lawful purposes of the Department ^[1.3][5.1].

Therefore, it is important for contractors to have a data breach response plan in place to comply with Connecticut state laws. There are no provisions in the documents provided that allow contractors to avoid having a data breach response plan in Connecticut.

In case of a breach, the contractor must notify the state contracting agency and the Attorney General as soon as practical after the contractor becomes aware of or has reason to believe that any confidential information that the contractor possesses or controls has been subject to a confidential information breach ^[4.1].

Conclusion

Based on the documents provided, contractors cannot avoid having a data breach response plan in Connecticut. They must implement and maintain a comprehensive data-security program for the protection of confidential information, including breach investigation procedures that are appropriate given the nature of the information disclosed and that are reasonably designed to protect the confidential information from unauthorized access, use, modification, disclosure, manipulation, or destruction.

Source(s):

• [2.1] Personal data—definitions
• [1.2] Uses to be made of personal data—general disclosure to individuals from whom personal data is requested
• [1.3] Maintenance of personal data—general
• [4.1] Requirements for state contractors who receive confidential information. Definitions. Minimum requirements. Prohibitions. Breach. Violation. Ban. Effect on other applicable laws.
• [5.1] Maintenance of personal data

Jurisdiction

Connecticut

• Privacy