Connecticut Attorney General George Jepsen has announced the creation of a Privacy Task Force to help educate the public about data protection requirements and to focus his Office’s response to Internet privacy concerns and data breaches that affect consumers. According to Attorney General Jepsen's press release, “Internet and data privacy have been among the biggest issues affecting the broad public interest during my first eight months in office” and nearly a dozen investigations have been initiated or pursued regarding security breaches that resulted in the loss of medical and insurance records or personal customer information.
Like nearly all states across the country, Connecticut has a data breach notification law. In addition, in 2010, the state's Insurance Commission adopted a set of data breach notification rules specific to its licensees.
The Task Force will be responsible for all investigations of consumer privacy breaches, which we are assuming will apply to breaches of any personal information for which notification is required, including patients and employees. The Task Force will also help to educate the public and business community about their responsibilities, which include protecting personally sensitive data and promptly notifying affected individuals when breaches do occur.
Once again, we have clear evidence that another state is moving in the direction of increased attention to and enforcement of the its existing data security and consumer protection mandates. Connecticut businesses and businesses maintaining personal information of Connecticut residents should revisit their information security programs and data breach response plans in light of this new Task Force.