While the FBI continues to seek ways of guaranteeing access to the encrypted communications of terrorists and criminals, states continue to expand their requirements that companies use encryption for certain data.  New Jersey and Connecticut are the latest to do so, enacting laws in 2015 that require health insurers to encrypt the transferrable personal information of their residents.  The Connecticut legislation also imposes other specific data security requirements on health insurers, as well as on state contractors.  The laws are more narrowly targeted than the generally applicable encryption requirements adopted previously by Massachusetts and Nevada, but they still suggest a building trend of states establishing stricter and more specific demands for data security.