The Connecticut legislature has moved the Nutmeg State into the vanguard on data security, passing a bill that imposes strict and detailed data security requirements on state contractors and health insurers. S.B. 949 also amends Connecticut’s data breach notification law to require that entities that suffer a breach notify affected individuals and the state attorney general no later than 90 days after discovery of the breach and offer free identity theft prevention services for at least one year. In addition, the bill requires that new smartphones sold in the state between July 1, 2016, and July 1, 2017, include technology that renders the essential features of the phone inoperable if stolen. Gov. Dan Malloy has said he intends to sign the bill into law.