The Connecticut Attorney General's office released a new, standardized form this week designed to make it easier for businesses to report data breaches.
Companies are required by state law to report a data breach to the Attorney General’s office no later than when impacted residents are notified of the breach.
Attorney General William Tong said the updated form will simplify the reporting process following changes to the state's data privacy statutes last year.
“This new online form will benefit our office and businesses alike,” Tong said in a statement.
“More importantly, it will help us more easily ensure that breached businesses have appropriately notified and offered protection services to impacted Connecticut residents.”
During the 2021 legislative session, lawmakers shortened the amount of time businesses have to report breaches from 90 days to 60 days.
The legislature also broadened the definition of personal information that companies are required to report if they experience a data breach.
Organizations are protected from punitive damages if a third party sues following a data breach if they adopted industry-recognized cybersecurity standards.
The announcement comes as the number of data breaches has significantly increased over the years, reaching more than 1,500 cases in 2021 alone.
“This is a great step taken by the Attorney General’s office,” CBIA's Ashley Zane said.
“This allows the state to prioritize high risk data breaches which will become increasingly important as cyberattacks become more common.”