Regulator: The Connecticut Attorney General ('AG')
Summary: On 10 May 2022, the Connecticut State Governor signed Senate Bill 6 for an Act Concerning Personal Data Privacy and Online Monitoring into law, thereby enacting the CTDPA which is due to take effect on 1 July 2023. The CTDPA introduces various new consumer rights such as access, rectification, deletion, portability, and the right to opt out of targeted advertising, sale of personal data, and profiling. Furthermore, the CTDPA outlines various controller and processor responsibilities and provides the AG with enforcement powers.
Additionally, Connecticut has enacted §36a-701b of Title 36A the Connecticut General Statutes ('Conn. Gen. Stat.') ('the Data Breach Law'), regulating data breach notification requirements, and Conn. Gen. Stat. §42-471 ('the Personal Information Safeguarding Law'). The Personal Information Safeguarding Law regulates and protects both paper and electronic information, requiring any person who possesses the personal information to implement reasonable security measures to safeguard the personal information. Both the Data Breach Law and the Personal Information Safeguarding Law are regulated and enforced by the Privacy and Data Security Department of the AG.