Time to Update Your Incident Response Plans
It’s been a busy 2021 legislative session for changes to data breach laws, and that means it is time to review and update your incident response plans. Several states have shortened data breach notification timelines or expanded their definitions of “personal information,” thus changing what may trigger a breach notification requirement. Also, Connecticut has added a law providing a limited safe harbor for entities that maintain and comply with a written cybersecurity program.
Our Mintz Matrix has been updated to reflect the new 2021 requirements and should be a part of your information security toolbox.
As always, if you have questions regarding compliance with data protection laws, contact the Mintz Privacy team.
Author
Cynthia J. Larose
Member / Chair, Privacy & Cybersecurity Practice
Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.