The Connecticut State Teachers Retirement Board notified teachers last week that it's missing a USB flash drive containing personal data. Fortunately, proper security procedures appear to have been in place and the data on the device was encrypted.
"We have numerous controls in place so that financial transactions are properly authorized and executed and have enhanced our internal procedures over the physical control of flash drives," according to the letter, which was signed by Darlene Perez, administrator of the retirement board.
In Connecticut, data breach notifications are required under General Statute 36a-701(b). This law only applies to data that "has not been secured by encryption or by any other method or technology that renders the personal information unreadable or unusable".
Does your state have a data breach notification law?