It’s been a busy 2021 legislative session for changes to data breach laws, and that means it is time to review and update your incident response plans. Several states have shortened data breach notification timelines or expanded their definitions of “personal information,” thus changing what may trigger a breach notification requirement. Also, Connecticut has added a law providing a limited safe harbor for entities that maintain and comply with a written cybersecurity program.

Our Mintz Matrix has been updated to reflect the new 2021 requirements and should be a part of your information security toolbox.