State Breach Law

Connecticut Data Breach Notification Law

Conn. Gen. Stat. § 36a-701b • Effective 2006-01-01

Connecticut gives you 60 days to notify affected residents. The state AG must also be notified. New privacy law adds extra requirements.

Notification deadline: 60 days

Enforcement: Connecticut Attorney General

Overview

Connecticut requires notification within 60 days of breach discovery. Enhanced requirements under CTDPA effective 2023.

Who Must Be Notified

  • Affected Connecticut residents
  • Connecticut Attorney General

Covered Data Types

Social Security number, Driver's license number, Financial account numbers, Biometric data, Online credentials

Notification Requirements

  • Written notice
  • Must include breach description
  • Contact information required

Is your business exposed?

Exemptions

  • Encrypted data
  • HIPAA-covered entities

Penalties

Up to $5,000 per violation, private right of action under CTDPA

If You Experience a Breach

  1. 1.

    Notify AG and residents within 60 days

Official Source

https://portal.ct.gov/AG

Other State Breach Laws

New York, Texas, Florida

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices