Connecticut’s new consumer-oriented privacy law, the Connecticut Data Protection Act (“CTDPA”), goes into effect on July 1, 2023. It covers everyone who conducts a business, regardless of size, in Connecticut. It also covers certain out-of-state businesses that produce products or services targeted to Connecticut residents which meet certain thresholds for controlling or processing data for at least 25,000 Connecticut residents
There are a variety of businesses that are exempt from compliance with the law, including those in the health care field subject to the Health Insurance Portability and Accountability Act (“HIPAA”), financial institutions like banks and credit unions subject to the Gramm-Leach-Bliley Act, and institutions of higher learning.
The law gives Connecticut residents a number of rights with regard to personal data held by a business, including:
- The right to access the data,
- The right to request copies of the data,
- The right to correct mistakes or errors in the data, and
- The right to delete personal data.
In addition to giving residents the data access and correction rights described above, covered businesses must:
- Minimize the collection of personal data,
- Only process personal data for purposes disclosed,
- Establish and maintain technical and physical data security practices that are reasonable for the security of the data, and
- Provide Connecticut residents with a privacy notice.
The privacy notice must describe the categories of personal data processed and the purpose of the processing, whether the data is shared with or sold to third parties, and how consumers can opt-out or limit use of their personal data for targeted advertising or sale.
Businesses already in compliance with California’s landmark legislation in this area, the California Consumer Privacy Act and the California Privacy Rights Act, are likely in good shape when it comes to compliance with Connecticut’s law and a quick review should confirm that. Those not in compliance should review their privacy policies over the next few months and update them. If you need help in this area, you can contact me at firstname.lastname@example.org or 203-718-3520