Connecticut Data Privacy Act Overview
The Connecticut Data Privacy Act (CTDPA) was signed into law by Governor Ned Lamont on May 10, 2022, becoming the fifth comprehensive state privacy law to be passed in the US. The CTDPA will introduce new requirements for organizations operating in the state of Connecticut including new consumer rights, conditions for using sensitive data, and conducting data privacy risk assessments. Much like most other state privacy laws, the CTDPA will be exclusively enforced by the Connecticut Attorney General who will have the power to issue monetary and administrative sanctions for non-compliance with the law.
What is the CTDPA?
The CTDPA is a piece of comprehensive privacy legislation passed in the state of Connecticut that provides residents of Connecticut greater control over the use of their personal data. The law requires organizations to develop robust privacy programs in order to maintain compliance and requires them to put in place processes for collecting valid consent, fulfilling individuals' rights, and conducting risk assessments, among other things.
Key compliance areas under the CTDPA
The CTDPA closely resembles other US state privacy laws and grants individuals a range of consumer rights as well as placing obligations on the data controller to present clear and accessible privacy notices. Organizations covered by the CTDPA will need to consider a range of new obligations including:
- Providing a “reasonably accessible, clear and meaningful privacy notice” to consumers Conduct data protection assessments for certain processing activities
- Honoring universal opt-out mechanisms, e.g. Global Privacy Control
- Entering into vendor contracts with data processors
- Collecting valid consent prior to processing sensitive data
Connecticut Data Privacy Act overview infographic
Download the OneTrust DataGuidance overview infographic to find out more about key compliance areas under the CTDPA, including:
- Scope
- Exclusions
- Key definitions
- Consumer rights
- Enforcement
The CTDPA will enter into effect on July 1, 2023, giving organizations covered by the law time to implement the appropriate solutions and policies. Download the infographic for an overview of the CTDPA’s requirements or request a demo to see how OneTrust DataGuidance can help you have a deeper understanding of these requirements.