Jackson Lewis Law Firm Logo Effective October 1, 2021, Connecticut becomes the third state with a data breach litigation “safe harbor” law ( Public Act No. 21-119 ), joining Utah and Ohio. In short, the Connecticut law prohibits courts in the state from assessing punitive damages in data breach litigation against a covered defendant that created, maintained, and complied with a cybersecurity program that meets certain requirements. Cyberattacks are on the rise – think Colonial Pipeline, Kaseya, JBS, and others – with ransomware attacks up 158 percent from 2019-2020 in North America .

The hope is this law will provide covered entities of all sizes an incentive to implement stronger controls over their information systems. According to Homeland Security Secretary Alejandro Mayorkas: As a matter of fact, small businesses comprise approximately one-half to three-quarters of the victims of ransomware So, what can “covered entities” in Connecticut do to at least […]