- State Data Breach Notification Matrix Update - Texas and Connecticut
- October 8, 2012 | Author: Cynthia J. Larose
- Law Firm: Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. - Boston Office
It’s time for an updated version of our “Mintz Matrix” - the Mintz Levin matrix of state data security breach notification laws. We update this matrix quarterly, or as developments dictate.
In this update, we call particular attention to changes in the following states:
Texas - The amendment to the Texas breach notification statute took effect September 1, 2012. We previously blogged about these amendments, which could be construed to now act as a 50-state breach notification statute. It requires entities that conduct business in Texas to provide notice to both affected Texas residents and to non-residents if the non-resident lives in a state that does not require notification of the security breach. As of today, those states include Alabama, Kentucky, New Mexico and South Dakota. The amendment also increased penalties for violations to $100 per affected individual per day of failed or delayed notification, up to $250,000 for a single breach.
Connecticut - The amended version of Connecticut’s data breach notification law adds a requirement to notify the Connecticut Attorney General “not later than the time when notice is provided to the resident.” This amendment took effect on October 1, 2012. Attorney General George Jepsen’s Privacy Task Force has established an email address to facilitate breach reporting at [email protected]. A link to the email address and information regarding the new reporting requirement is at the AG’s website.