In a late Monday vote, the Connecticut General Assembly unanimously okayed changes to the state's data breach notification law, which would strengthen protections of existing law by requiring that all breaches be reported to the state Attorney General's office within 90 days.
It also mandates that identity theft victims whose Social Security numbers have been accessed be provided with one year of identity theft protection. Current law also requires that breaches be reported, but does not specify a deadline. Governor Dannel P. Malloy is expected to sign the new bill, although it will go into law even if he does not.
Once the changes put forth in Senate Bill 949 are recorded into the law, they will go into effect Oct. 1.