CT| The notice applies to all persons who are licensed, authorized to operate or registered, or required to be licensed, authorized or registered pursuant to the insurance laws of Connecticut, except for purchasing groups or risk retention groups chartered and licensed in another state or a licensee that is acting as an assuming insurer and domiciled in another state or jurisdiction.
Licensees must develop, implement, and maintain a comprehensive written information security program (“ISP”) that complies with the requirements of Conn. Gen. Stat. § 38a-38(c) no later than October 1, 2020