As we reported on this year, many states amended their breach notice laws in 2015, including several that are now effective, like Nevada, Oregon, North Dakota, Washington, Montana, and Wyoming. Also included in that list is Connecticut, whose breach notice law now requires that notice be made without unreasonable delay “but not later than ninety days after the discovery of [the] breach….” The amendment to the Connecticut law, which became effective October 1, also requires that companies offer impacted Connecticut residents identity theft mitigation and identity prevention services. Such services are to be provided at no cost to the resident for a period of not less than 12 months.

TIP: Companies that have suffered a breach that includes Connecticut residents should ensure that they are following that state’s identity theft mitigation services requirements.