On January 16, 2018, in Byrne v. Avery, the Connecticut Supreme Court unilaterally created a new state law cause of action for violation of a patient’s health care privacy.
Connecticut case finds health care privacy cause of action
New data security law in Connecticut imposes new requirements on businesses, regulated entities, and state contractors
On June 11, 2015, Connecticut Governor Dannel Malloy signed Senate Bill 949 (“S.B. 949”) into law. This new law imposes a various new requirements relating to data breach response and notification, including imposing a hard 90-day deadline for data breach reporting and requiring that entities regulated by the Connecticut Insurance Department to implement and maintain a “comprehensive information security program” to protect personal information. The various sections of S.B. 949 take effect in stages, with some having taken effect on July 1, 2015, and others becoming effective as late as October 1, 2017.