• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to secondary sidebar

Alston & Bird Privacy, Cyber & Data Strategy Blog

  • Home
  • Services
  • Events
  • Contacts

Vermont and Connecticut Add Attorney General Notification to Data Breach Notice Statutes

June 12, 2012 By Privacy, Cyber & Data Strategy Team

In what appears to be a growing trend, Vermont and Connecticut have added a requirement to separately notify the states’ Attorney General’s office of a data breach involving the personal information of Vermont and Connecticut residents. Last year, California amended its data breach notification statute with a similar requirement.

 

Vermont’s amended Security Breach Notification Act, revised on May 8, 2012, not only added the attorney general notification requirement, it also revised the trigger for notification from unauthorized “acquisition or access” of personally identifiable information to simply unauthorized access. Further, the statute provides a number of factors to consider when assessing whether personally identifiable information has been acquired. Thus, while raising the requirement of what an entity possessing the personal data of Vermont residents must do in the event of a security breach, the Vermont legislature also attempted to clarify what constitutes a security breach.

 

Connecticut’s revisions take effect on October 1, 2012. The amended statute requires any entity that is obligated to disclose a security breach to residents or owners or licensees of the personal data of Connecticut residents to provide notice of the breach to the Attorney General not later than the time notice is provided to the resident, owner or licensee.

 

With the addition of Vermont and Connecticut, there are now 17 U.S. jurisdictions which require data breach notification to the Attorney General or other state official.

Written by Bruce Sarkisian, Associate | Alston & Bird LLP

Filed Under: Uncategorized

Primary Sidebar

This blog is a service of Alston & Bird’s Privacy, Cyber & Data Strategy team and focuses on key data privacy and data security issues.


Receive email notifications when new posts are added.

Receive email notifications when new posts are added.


THE DIGITAL DOWNLOAD
Click here to see the editions

PRIVACY & CYBER EVENTS
Click here to see upcoming and past events

PRIVACY & CYBER MAILINGS
Click here to sign up

@ALSTONPRIVACY
Click here to follow us on Twitter

Secondary Sidebar

Categories

Recent Posts

  • DOJ Issues New Policy on CFAA Prosecutions
  • EDPB Issues Draft Guidelines on the Calculation of Administrative Fines
  • The California Privacy Protection Agency Solicits Public Input on Forthcoming Privacy Regulations
  • U.S. Department of Commerce Announces the Establishment of a Global CBPR Forum
  • Colorado Issues Pre-Rulemaking Considerations for the Colorado Privacy Act
Copyright © 2022 · Alston & Bird · All Rights Reserved. Privacy.