Connecticut, Massachusetts and Nevada recently enacted laws requiring businesses to institute certain compliance measures to secure personal information that can be used to perpetrate identity theft. The Massachusetts law applies to a business located anywhere in the United States that stores or maintains personal information about a Massachusetts resident. This article discusses the requirements of these new state laws and their practical significance for businesses.

The personal information at issue includes Social Security, driver's license and financial account numbers, each in combination with a person's name. Forty-four states, including Connecticut, Massachusetts and Nevada, currently require businesses to notify individuals if there is a breach of personal information. This notification permits individuals to take steps to protect their credit cards and bank accounts from identity theft. Rather than simply requiring businesses to respond to a data breach with notifications, the new Connecticut, Massachusetts and Nevada laws impose certain compliance obligations on businesses to protect personal information from a data breach.

Read the full article