Connecticut pushes cybersecurity with gives of punitive injury safety
Connecticut Gov. Ned Lamont signed a invoice designed to encourage companies within the state to beef up their cybersecurity.
“An Act Incentivizing the Adoption of Cybersecurity Standards for Businesses” will shield companies from punitive damages ensuing from a breach of private information if they’ve adopted and cling to industry-standard cybersecurity measures.
The brand new regulation requires companies to safe people’ names, Social Safety numbers, taxpayer ID numbers, driver’s license numbers or different authorities identifiers; monetary account numbers and passwords; medical or medical insurance info; biometric info; and names or electronic mail handle which might be utilized in mixture with a password or safety to entry on-line accounts.
To be exempt from damages, a company should conform to the present model of any acknowledged safety framework such because the Nationwide Institute of Requirements and Expertise’s Framework for Enhancing Vital Infrastructure Cybersecurity; Particular Publications 800-171, 800-53 and 800-53a; the Federal Threat and Authorization Administration Program’s FedRAMP Safety Evaluation Framework; the Middle for Web Safety’s Vital Safety Controls for Efficient Cyber Protection; or the ISO/IEC 27000 sequence.
Organizations already regulated by the state or federal authorities should hold their compliance with the Well being Insurance coverage Portability and Accountability Act, the Federal Data Safety Modernization Act and the Well being Data Expertise for Financial and Scientific Well being Act with a purpose to keep away from paying punitive damages.
Companies should additionally adjust to the present model of the Cost Card Trade Knowledge Safety Normal.
When any of the relied-upon cybersecurity requirements are up to date, companies have six months to conform.
The laws is the most recent of Connecticut’s efforts to higher safe its property. Earlier this yr, Lamont announced the centralization of state IT assets and named Jeff Brown because the state’s first chief info safety officer.
“Throughout the globe, cybersecurity dangers proceed to rise,” Brown mentioned. “Connecticut is investing in cybersecurity and know-how in new methods to guard our residents and companies. We’re bringing our statewide info know-how staff collectively into one, collaborative group that may assist us determine and deter cybersecurity incidents quicker, deliver everybody onto streamlined platforms, and in the end shield extra personal info.”
The measure goes into impact on Oct. 1, 2021.
Join with the GCN employees on Twitter @GCNtech.