Connecticut

Summary

Law: Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA) as amended by the Connecticut Act Concerning Online Privacy, Data, and Safety Protections (the Online Privacy Act) (collectively, the CTDPA as amended)

Regulator: The Connecticut Attorney General (AG)

Summary: On 10 May 2022, the Connecticut State Governor signed the CTDPA into law, and it entered into force on July 1, 2023. On June 12, 2023, the CTDPA was amended by the Online Privacy Act, which became law and will enter into effect across 2023 and 2024. In particular, the Online Privacy Act amends the CTDPA to provide specific protections for the personal data of minors and for newly defined 'consumer health data.' The CTDPA as amended establishes consumer rights including access, deletion, and portability, and provides the right to opt out of targeted advertising, sale of personal data, and automated profiling. The CTDPA also establishes various controller and processor obligations and privacy notice requirements, and grants the AG exclusive authority to enforce its provisions.

Additionally, Connecticut has enacted §36a-701b of Title 36A of the Connecticut General Statutes (Conn. Gen. Stat.) as amended by Senate Bill 1058 for An Act Concerning Charitable Organizations, Telecommunications and the Attorney General's Recommendations Regarding Consumer Protection (collectively, the Data Breach Law), enacted on June 14, 2023, and effective on October 1, 2023. The Data Breach Law regulates data breaches and is enforced by the AG's Privacy and Data Security Department.

Insights

On June 2, 2023, the Connecticut legislature passed Senate Bill 3, An Act Concerning Online Privacy, Data and Safety Protections, which was later issued as Public Act 23-56 (the Act). This wide-ranging new bill imposes an array of new requirements concerning access to and sharing of health data, geo-fencing, social media platforms, and online dating operators. The Act also makes revisions to the Connecticut Act Concerning Personal Data Privacy and Online Monitoring (CTDPA), the state's new comprehensive consumer data privacy law that comes into effect July 1, 2023. William J. Roberts, Stephanie M. Gomes-Ganhão, and Colton J. Kopcik, from Day Pitney LLP, summarize the Act's key points relating to consumer healthcare data, children's online safety, and online dating operators.

In this Insight article, Bart Huffman, Wendell Bartnick, and Haylie Treas, from Holland & Knight, address opt-out rights and related requirements under certain US state privacy laws that are currently in effect and/or will take effect in 2023.

Part two analyses the processing of opt-out requests, consent and opt-in requests, other compliance considerations, and the interplay with other major federal privacy laws, whereas part one explores opt-out rights, disclosures related to these opt-out rights, and opt-out mechanisms.

In this Insight article, Bart Huffman, Wendell Bartnick, and Haylie Treas, from Holland & Knight, address opt-out rights and related requirements under certain US state privacy laws that are currently in effect and/or will take effect in 2023.

Part one explores opt-out rights, disclosures related to these opt-out rights, and opt-out mechanisms, whereas part two analyses the processing of opt-out requests, consent and opt-in requests, other compliance considerations, and the interplay with other major federal privacy laws.

Just as the Gramm-Leach-Bliley Act of 1999 ('GLBA') permits US states to extend greater protections than afforded by the same, states can also choose to exempt GLBA-regulated entities from compliance with state privacy statutes. In this Insight article, David Zetoony and Jena Valdetero, from Greenberg Traurig LLP, discuss how the California Consumer Privacy Act of 2018 ('CCPA') and the California Privacy Rights Act of 2020 ('CPRA') apply to financial institutions, whilst also drawing comparisons to other state privacy statutes' exemptions for financial institutions.

The Connecticut Act Concerning Personal Data Privacy and Online Monitoring ('CTDPA') was signed on 10 May 2022, entering into effect on 1 July 2023. OneTrust DataGuidance Research answers frequently asked questions ('FAQs') surrounding the CTDPA.

Over the past few months, there has been an increased interest in consumer privacy laws across the US, with the states of Virginia, Utah, Colorado, California, and Connecticut having recently enacted comprehensive privacy legislation that will enter into effect in 2023. The enactment of these laws means that organisations in the US are subject to new privacy obligations, while consumers welcome their elevated data protection rights, aimed at better protecting consumer privacy.

Both the California Privacy Rights Act of 2020 ('CPRA') and the Virginia Consumer Data Protection Act ('CDPA') will come into force on 1 January 2023. The Colorado Senate Bill 21-190 for the Colorado Privacy Act ('CPA') and the Connecticut Act Concerning Personal Data Privacy and Online Monitoring ('CTDPA') will take effect on 1 July 2023, whereas the Utah Consumer Privacy Act ('UCPA') will enter into force on 31 December 2023. Though the aforementioned laws do not expressly refer to the use of cookies, many of their requirements (for example, in relation to disclosure) apply to the use of cookies – and organisations should therefore familiarise themselves with these requirements.

In this Insight article, we examine the convergences and divergences between the privacy laws of Virginia, Utah, Colorado, California, and Connecticut where they affect cookies, with a view to mapping out a possible harmonised approach to compliance.

On 10 May 2022, Connecticut became the fifth state to enact broad consumer data privacy legislation when Connecticut Governor Ned Lamont signed Senate Bill 6 - the Connecticut Data Privacy Act ('CTDPA'). David M. Stauss and Shelby E. Dolen, from Husch Blackwell LLP, provide an overview of the CTDPA and draw comparisons between the bill and other state privacy laws in California, Colorado, Virginia, and Utah.

On 10 May 2022, the Connecticut State Governor signed Senate Bill 6, thereby enacting the Connecticut Act Concerning Personal Data Privacy and Online Monitoring ('CTDPA') and making Connecticut the fifth State in the US to pass a comprehensive privacy law, joining the likes of California, Colorado, Utah, and Virginia. In particular, the CTDPA provides several privacy rights for consumers, establishes obligations on data controllers, and assigns enforcement powers to the Attorney General ('AG'). OneTrust DataGuidance addresses some of the key requirements introduced by the CTDPA that organisations will have to keep in mind in the operationalisation of their privacy program.

Connecticut's state law on data breaches is set for an update, bringing it more in line with modern legal standards in this regard. William J. Roberts, Partner at Day Pitney LLP, discusses the updates to Connecticut's legal framework and their impact. 

House Bill ('HB') 6607 for an Act Incentivizing the Adoption of Cybersecurity Standards for Businesses entered into law on 24 June 2021 without signature by Governor Ned Lamont, and establishes an exemption for businesses facing penalties as a result of a data breach.