News: Connecticut

Connecticut municipalities to follow data breach laws - by Burt Cohen and Daniel Kagan


In the world of data breaches, John Chambers, CEO at Cisco, explained it best: “There are only two kinds of companies. Those that were hacked and those that don’t yet know they were hacked.” With the ever-increasing rate of data breaches nationwide, and with no industry left unscathed, Connecticut enacted Public Act 15-142, “An Act Improving Data Security and Agency Effectiveness.” This Act’s passage creates an opportunity to revisit Connecticut’s data security and breach notification statute to analyze the extent of its reach. Besides applying to Connecticut businesses, the statute also applies to municipalities, as described in further detail below. And, not unlike the private sector, municipalities are just as susceptible to the ongoing threat of data breaches. The best practice for municipal government is to adopt and implement a written information security plan (WISP), tailored to the specifics of Connecticut town government, which establishes procedures to protect confidential data from disclosure.

As recent events continue to show, municipalities are the targets of hackers. Two events in particular provide ripe examples of how municipal and state governments are at risk for various types of data breaches. Earlier this month the town of Medfield, Mass. was the target of a ransomware attack. The attack locked its computer system for almost one week before the town paid the requested ransom. And, in a more “typical” data breach event, 14,200 people, mostly current and former Salt Lake County, Utah employees, had their personal information exposed in a data breach last summer. This data breach was confirmed after the Utah attorney general recently completed an investigation.

In this age of instant information, municipalities have all types of information that would be considered “personal information” under Conn. Gen. Stat. § 36a-701b. The statute defines “personal information” to include “an individual’s first name or first initial and last name in combination of one, or more, of the following data: (A) Social Security number; (B) driver’s license number or state identification card number; or (C) account number, credit or debit card number, in combination with any required security code, access code or password that would permit access to an individual’s financial account.” While this definition of personal information does not include any publicly available information that is lawfully made available to the general public from federal, state or local government records or from widely distributed media, Conn. municipalities now accept payments via credit or debit cards for taxes and fees, and they hold the usual personnel information for municipal employees and officials.

Further, under this statute, “any person who conducts business in this state, and who, in the ordinary course of such person’s business, owns, licenses or maintains computerized data that includes personal information” is subject to the statute’s data security and breach notification requirements. The key question arising from the Conn. data breach law is whether a municipality constitutes a “person who conducts business in this state.” As it turns out, under the applicable definitional statute, Conn. Gen. Stat. § 36a-2, “person” is broadly defined to include not only companies, but also any municipal government or agency. Thus, Conn. municipal governments need to secure the types of personal information they own, license and maintain.

Burt Cohen is a partner and Daniel Kagan is an associate with Murtha Cullina LLP, New Haven, Conn.
