Skip to main content

Nixon Peabody LLP

  • People
  • Capabilities
  • Insights
  • About
Trending Topics
    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    Practices

    View All

    • Affordable Housing
    • Community Development Finance
    • Corporate & Finance
    • Cybersecurity & Privacy
    • Entertainment & Media
    • Environmental
    • Franchising & Distribution
    • Government Investigations & White Collar Defense
    • Healthcare
    • Intellectual Property
    • International Services
    • Labor, Employment, and Benefits
    • Litigation
    • Private Wealth & Advisory
    • Project Finance
    • Public Finance
    • Real Estate
    • Regulatory & Government Relations
    Industries

    View All

    • Aviation
    • Cannabis
    • Consumer
    • Energy
    • Financial Services
    • Healthcare
    • Higher Education
    • Infrastructure
    • Manufacturing
    • Nonprofit Organizations
    • Real Estate
    • Sports & Stadiums
    • Technology
    Value-Added Services

    View All

    • Alternative Fee Arrangements

      Developing innovative pricing structures and alternative fee agreement models that deliver additional value for our clients.

    • Continuing Education

      Advancing professional knowledge and offering credits for attorneys, staff and other professionals.

    • Crisis Advisory

      Helping clients respond correctly when a crisis occurs.

    • DEI Strategic Services

      Providing our clients with legal, strategic, and practical advice to make transformational changes in their organizations.

    • eDiscovery

      Leveraging law and technology to deliver sound solutions.

    • Environmental, Social, and Governance (ESG)

      We help clients create positive return on investments in people, products, and the planet.

    • Global Services

      Delivering seamless service through partnerships across the globe.

    • Innovation

      Leveraging leading-edge technology to guide change and create seamless, collaborative experiences for clients and attorneys.

    • IPED

      Industry-leading conferences focused on affordable housing, tax credits, and more.

    • Legal Project Management

      Providing actionable information to support strategic decision-making.

    • Legally Green

      Teaming with clients to advance sustainable projects, mitigate the effects of climate change, and protect our planet.

    • Nixon Peabody Trust Company

      Offering a range of investment management and fiduciary services.

    • NP Capital Connector

      Bringing together companies and investors for tomorrow’s new deals.

    • NP Second Opinion

      Offering fresh insights on cases that are delayed, over budget, or off-target from the desired resolution.

    • NP Trial

      Courtroom-ready lawyers who can resolve disputes early on clients’ terms or prevail at trial before a judge or jury.

    • Social Impact

      Creating positive impact in our communities through increasing equity, access, and opportunity.

    • Women in Dealmaking

      We provide strategic counsel on complex corporate transactions and unite dynamic women in the dealmaking arena.

    1. Home
    2. Insights
    3. Alerts
    4. Connecticut to limit liability for data security breaches—if businesses implement cybersecurity controls

      Alerts

    Alert / Data Privacy & Cybersecurity

    Connecticut to limit liability for data security breaches—if businesses implement cybersecurity controls

    July 8, 2021

    LinkedInX (Twitter)EmailCopy URL

    By Leslie Hartford

    Beginning in October, Connecticut companies may be shielded from certain damages related to security breaches—on the condition that they've implemented cybersecurity policies in compliance with recognized standards.

    What’s the Impact?

    • The new legislation would shield businesses from punitive damages in actions brought under Connecticut law concerning a breach that compromises the personally identifiable information of Connecticut residents.
    • Companies have several paths to demonstrate compliance with data security requirements.
    • Experienced counsel can help businesses ensure that their policies and protocols are sufficient to qualify under the Act.

    DOWNLOAD

    Connecticut to limit liability for data security breaches (PDF)

    The recently passed Connecticut Cybersecurity Standards Act creates a “safe harbor” from punitive damages for companies that implement a written cybersecurity policy in compliance with recognized standards. The law, which goes into effect October 1, applies to any business that “accesses, maintains, communicates or processes personal information” and also expands the definition of personal information to include biometric data. If applicable, the new legislation would shield businesses from punitive damages in actions brought under Connecticut law concerning a breach that compromises the personally identifiable information of Connecticut residents.

    The Connecticut Cybersecurity Standards Act joins comparable legislation from Ohio and Utah in encouraging comprehensive and standardized cybersecurity policies in exchange for safe harbor. The law lists six frameworks employed in the public and private sectors: “(i) The "Framework for Improving Critical Infrastructure Substitute House Bill Cybersecurity" published by the National Institute of Standards and Technology; (ii) The National Institute of Standards and Technology's special publication 800-171; (iii) The National Institute of Standards and Technology's special publications 800-53 and 800-53a; (iv) The Federal Risk and Management Program's "FedRAMP Security Assessment Framework"; (v) The Center for Internet Security's "Center for Internet Security Critical Security Controls for Effective Cyber Defense"; or (vi) The "ISO/IEC 27000-series" information security standards published by the International Organization for Standardization and the International Electrotechnical Commission.”

    A company may also qualify by conforming to the data security requirements of the Health Insurance Portability and Accountability Act (HIPPA), the Gramm-Leach-Biley Act, the Federal Information Security Modernization Act, or the Health Information Technology for Economic and Clinical Health Act (HITECH). As is the norm in the data privacy realm, conformity obligations are continually evolving, and a company has six months to update its policies to remain in compliance following any amendments to these laws or risk losing its safe harbor status.

    The Cybersecurity Standards Act also notes cybersecurity policies are proportional to the nature of each business. It states that the “scale and scope” of a company’s cybersecurity program may consider the size and complexity of the business, the nature of the business’s activities, the sensitivity of the protected information, and the cost and availability of the tools necessary to improve cybersecurity. However, the bar on punitive damages does not apply if the company fails to implement reasonable cybersecurity protocols as a “result of gross negligence or willful or wanton conduct.” Businesses should consult with their Nixon Peabody attorney, or other knowledgeable advisor, to ensure that their policies and protocols are sufficient to qualify under the Act.

    Practices

    Cybersecurity & Privacy
    The foregoing has been prepared for the general information of clients and friends of the firm. It is not meant to provide legal advice with respect to any specific matter and should not be acted upon without professional counsel. If you have any questions or require any further information regarding these or other related matters, please contact your regular Nixon Peabody LLP representative. This material may be considered advertising under certain rules of professional conduct.

    Subscribe to stay informed of the latest legal news, alerts, and business trends.Subscribe

    • People
    • Capabilities
    • Insights
    • About
    • Locations
    • Events
    • Careers
    • Alumni
    • Cookie Preferences
    • Privacy Policy
    • Terms of Use
    • Accessibility Statement
    • Statement of Client Rights
    • Purchase Order Terms & Conditions
    • Nixon Peabody International LLC
    • PAL
    © 2025 Nixon Peabody. All rights reserved