Modification(s) to Connecticut Breach Notification regulations

[Henry Brown <hbrown () knology net>]

  From Infolaw group http://bit.ly/amaSms


Posted at 2:50 PM on September 14, 2010 by Tanya Forsheit
The Connecticut Insurance Department Bulletin on Breach Notification

Think there's nothing new in the world of state breach notification laws 
and regulations?  Think again.  On a Wednesday in August, the State of 
Connecticut Insurance Department issued Bulletin IC-25 ( 
http://bit.ly/dl13DM  ) to all regulated entities in Connecticut, 
including insurance producers, public adjusters, bail bond agents, 
appraisers, certified insurance consultants, casualty claim adjusters, 
property and casualty insurers, life and health insurers, health care 
centers, fraternal benefit societies, captive insurers, utilization 
review companies, risk retention groups, surplus line companies, life 
settlement companies, preferred provider networks, pharmacy benefit 
managers, and medical discount plans, requiring that ALL licensees and 
registrants notify the Department of any information security incident 
which affects any Connecticut residents.  This is in addition to, and 
goes beyond, the existing breach notification requirements under Conn. 
Gen Stat. 36a-701(b).  The procedural requirements set forth in the 
Bulletin are extensive, detailed, and will require covered organizations 
to act VERY quickly when they learn of a  potential incident.  Following 
are the basics:

...
_______________________________________________
Dataloss-discuss Mailing List (dataloss-discuss () datalossdb org)
Archived at http://seclists.org/dataloss/

Get business, compliance, IT and security staff on the same page with
CREDANT Technologies: The Shortcut Guide to Understanding Data Protection
from Four Critical Perspectives. The eBook begins with considerations
important to executives and business leaders.
http://www.credant.com/campaigns/ebook-chpt-one-web.php