United States of America: Defense against cybersecurity liability in introduced Connecticut House Bill 6607

The Act Incentivizing the Adoption of Cybersecurity Standards for Businesses (House Bill 6607) was introduced to the Connecticut House of Representatives. The bill creates a defence in any action brought under Connecticut law alleging a failure to implement adequate cybersecurity controls that resulted in a data breach involving personal or restricted information. In detail, Superior Courts shall not assess punitive damages against a covered entity if the entity created, maintained and complied with a written cybersecurity program that conforms to an industry-recognized cybersecurity framework. Accepted frameworks can be found in subsection c. A "covered entity" means a business that accesses, maintains, communicates or processes personal information or restricted information.