On March 13, 2015, the Connecticut Attorney General’s Office announced that it has created a privacy and data security department to focus on data breach and consumer privacy investigations and litigation. Attorney General George Jepsen said,
When I took office in January 2011, it became immediately clear that data privacy and security were growing concerns in our state and across the country… In the four years since, nothing has lessened the importance of our privacy work… Sadly there is no reason to predict that the demands of privacy and data security concerns will subside in the foreseeable future.
The head of this new department will be Assistant General Matthew Fitzsimmons, who will work alongside one attorney who will focus exclusively on privacy matters, and three other attorneys who will spend part of their time working with the department. For the last several years, Fitzsimmons has been an integral part of the consumer protection oversight and enforcement efforts of the AG’s Office, which have included frequent collaborations with the FCC, leading to large financial recoveries and settlements. Of course, this new department will also continue to work closely with the Department of Consumer Protection.
This department was created not only out of the state’s desire to better protect consumer privacy, but also because since 2012, when Connecticut companies were first obligated by law to notify the Attorney General’s office of data breaches, the office has received over 1,100 notifications. Assistant General Fitzsimmons says, “It’s going to be an enduring part of the office long after [Attorney General Jepsen] leaves.” Companies can take this as a fair warning that the Connecticut Attorney General’s office is on the lookout to investigate and enforce failures to adequately protect consumer information.