A new Connecticut bill, SB 117, An Act Concerning Breaches of Security Involving Electronic Personal Information, would impose mandatory forensic examination requirements for entities that experience a “massive breach of security” defined as a data breach affecting at least 100,000 Connecticut residents.
According to the article, the measure would require those entities to immediately retain a qualified third-party forensic examiner to conduct a forensic examination of the affected computer system and to prepare a detailed report disclosing how the breach occurred and its root causes. The detailed forensic report would then have to be submitted to the Connecticut Attorney General within 90 days of discovering the breach, under the proposed legislation.
Noncompliance could incur civil penalties of $100,000 for small businesses and $500,000 for other entities. The post notes that Hayley Steele and Gregory Szewczyk of Ballard Spahr provide the analysis, with a Read more link to JDSupra for the legal summary. If enacted, the bill would raise the stakes for breach response and oversight in Connecticut.