Think there's nothing new in the world of state breach notification laws and regulations? Think again. On a Wednesday in August, the State of Connecticut Insurance Department issued Bulletin IC-25 to all regulated entities in Connecticut, including insurance producers, public adjusters, bail bond agents, appraisers, certified insurance consultants, casualty claim adjusters, property and casualty insurers, life and health insurers, health care centers, fraternal benefit societies, captive insurers, utilization review companies, risk retention groups, surplus line companies, life settlement companies, preferred provider networks, pharmacy benefit managers, and medical discount plans, requiring that ALL licensees and registrants notify the Department of any information security incident which affects any Connecticut residents. This is in addition to, and goes beyond, the existing breach notification requirements under Conn. Gen Stat. 36a-701(b). The procedural requirements set forth in the Bulletin are extensive, detailed, and will require covered organizations to act VERY quickly when they learn of a potential incident. Here are the basics.