Procurement Trend: Data Security Requirements. Annual Reviews for the Contractee.

Connecticut’s enacted Senate Bill 949 contains significant data security requirements for entities contracting with state agencies and entities in the health insurance and administration business. 

Contracting entities must provide:

• Comprehensive data-security program, including:
  • the use of security policies,
  • annual reviews of such policies,
  • access restrictions, and
  • mandatory security awareness training for employees beginning July 1, 2015.
• Restrict access to Confidential Information only to authorized contractor employees,
• Maintain the Confidential Information in secure servers with firewall protections
• Implement security and breach investigation procedures.
• Undergo annual reviews
• Include ongoing employee security awareness program.

National Law Review