Report a Breach of Security Involving Computerized Data
Beginning October 1, 2012, Connecticut state law requires any person who conducts business in the state and experiences a breach of security involving computerized data to provide notice to the Office of the Attorney General in addition to state residents who may be affected.
To assist business owners in complying with this requirement, the Office of the Attorney General has a dedicated email address for reporting. To report a data breach, please email firstname.lastname@example.org.
Pursuant to Connecticut General Statutes § 36a-701b, anyone who conducts business in Connecticut and who – in the ordinary course of business – owns, licenses or maintains computerized data that includes personal information is required to disclose a security breach without unreasonable delay to state residents whose personal information is believed to have been compromised.
Additionally, business owners must notify the Office of the Attorney General no later than when the affected residents are notified.
Failure to provide such notice may be considered a violation of the Connecticut Unfair Trade Practices Act (CUTPA).
To simplify the process and minimize the need for the Office of the Attorney General to request additional information, please include the following in any breach notification:
Name of person reporting, name of business and contact information.
A list of the types of personal information that were or are reasonably believed to have been the subject of the breach.
A general description of the breach, including the date of the breach and the number of Connecticut residents affected.
Whether the notification was delayed because of a law enforcement investigation (if applicable).